812 matches found
WordPress Royal Elementor Addons and Template plugin <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Google Maps Widget vulnerability discovered by zer0gh0st in WordPress Plugin Royal Elementor Addons versions = 1.7.1001...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via auxcontactbox and auxgmaps Shortcodes vulnerability discovered by David Gallagher BatFeats - Adept Digital in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.0...
CVE-2018-9020
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...
CVE-2017-18557
The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues...
CVE-2020-12077
The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces or capability checks, leading to remote code execution...
CVE-2020-12675
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for...
CVE-2023-25039
Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43...
WordPress plugin WP Google Street View (with 360° virtual tour) & Google maps + Local SEO 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to set up a personal blog site on a PHP and MySQL based...
WordPress Stratum plugin <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Stratum versions = 1.6.0...
PT-2025-50578
Name of the Vulnerable Software and Affected Versions IceWarp gmaps affected versions not specified Description The software contains a cross-site scripting issue that can lead to authentication bypass. The issue allows an attacker to bypass authentication mechanisms. Recommendations At the momen...
MAL-2025-190999 Malicious code in react-native-google-maps-directions (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bb0fc868ff9cbddc19692db858eff3de665ee0d6dc12a0417f7bd6fb6393a99 The package react-native-google-maps-directions was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199044
Malicious code in react-native-google-maps-directions npm...
WordPress Google Maps plugin <= 9.0.47 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by sunghoon kim in WordPress Plugin WP Go Maps versions = 9.0.47...
CVE-2025-12662
The Coon Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'map' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
EUVD-2025-60925
The Coon Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'map' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2025-11307 WP Google Maps < 9.0.48 - Unauthenticated Stored XSS
The WP Go Maps formerly WP Google Maps WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped...
CVE-2025-12662 Coon Google Maps <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Coon Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'map' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2025-12662 Coon Google Maps <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Coon Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'map' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2025-12662
The CVE-2025-12662 entry concerns the WordPress Coon Google Maps plugin. A stored XSS flaw exists in all versions up to 1.0 via the height parameter in the map shortcode, caused by insufficient input sanitization and output escaping. An authenticated attacker with contributor-level access or high...
WordPress Coon Google Maps plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Coon Google Maps versions = 1.0...