CVE-2026-1096 Best-wp-google-map <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute

The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...

CVE-2026-1096

CVE-2026-1096 affects the Best-wp-google-map WordPress plugin (versions

WordPress plugin Best-wp-google-map 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

EUVD-2023-39771

Malicious code in bioql PyPI...

CVE-2023-35772

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Alain Gonzalez Google Map Shortcode plugin = 3.1.2 versions...

CVE-2023-2899

The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

Google Map Shortcode <= 3.1.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

WordPress Plugin google-map-shortcode Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Google Map Shortcode Type Plugin Vulnerable versions = 3.1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-38396 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID ad78bcfdec4a Credits thiennv Required...

CVE-2023-35772

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Alain Gonzalez Google Map Shortcode plugin = 3.1.2 versions...

CVE-2023-35772

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Alain Gonzalez Google Map Shortcode plugin = 3.1.2 versions...

CVE-2023-35772

CVE-2023-35772 affects the Google Map Shortcode WordPress plugin. Affected versions are

CVE-2023-2899

The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVE-2023-2899 Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS

The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

WordPress Plugin Google Map Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin Google Map Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2023-22067 · WordPress · Google Map Shortcode

Name of the Vulnerable Software and Affected Versions: Google Map Shortcode WordPress plugin versions 3.1.2 and earlier Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as...

WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Google Map Shortcode Type Plugin Vulnerable versions = 3.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35772 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2577a60ecf63 Credits Nguyen Xuan...

Google Map Shortcode <= 3.1.2 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Google Map Shortcode Type Plugin Vulnerable versions = 3.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2899 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c83d68b2188f Credits Lana Codes...