2 matches found
CVE-2025-5194
The WP Map Block WordPress plugin before 2.0.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress WP Map Block by aBlocks plugin < 2.0.3 - Contributor+ Stored XSS via Marker vulnerability
Contributor+ Stored XSS via Marker vulnerability discovered by Krugov Artyom in WordPress Plugin WP Map Block versions 2.0.3...