Lucene search
+L

812 matches found

patchstack
patchstack
added 2026/02/02 6:55 a.m.7 views

WordPress Royal Elementor Addons and Template plugin <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Google Maps Widget vulnerability discovered by zer0gh0st in WordPress Plugin Royal Elementor Addons versions = 1.7.1001...

6.4CVSS7.3AI score0.00399EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/02/02 6:48 a.m.12 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via auxcontactbox and auxgmaps Shortcodes vulnerability discovered by David Gallagher BatFeats - Adept Digital in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.0...

6.4CVSS7.3AI score0.00315EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/01/09 12:13 p.m.11 views

CVE-2018-9020

The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...

5.4CVSS5.9AI score0.01058EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 10:31 a.m.7 views

CVE-2017-18557

The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.01384EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 9:56 a.m.14 views

CVE-2020-12077

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces or capability checks, leading to remote code execution...

8.8CVSS7.5AI score0.05606EPSS
Exploits3References1
redhatcve
redhatcve
added 2026/01/09 9:56 a.m.13 views

CVE-2020-12675

The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for...

8.8CVSS7.1AI score0.05606EPSS
Exploits3References1
redhatcve
redhatcve
added 2026/01/09 9:31 a.m.7 views

CVE-2023-25039

Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43...

8.8CVSS8AI score0.00497EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/01/09 12:0 a.m.6 views

WordPress plugin WP Google Street View (with 360° virtual tour) & Google maps + Local SEO 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to set up a personal blog site on a PHP and MySQL based...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References2
patchstack
patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress Stratum plugin <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Stratum versions = 1.6.0...

6.4CVSS5.9AI score0.00225EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2025/12/10 12:0 a.m.12 views

PT-2025-50578

Name of the Vulnerable Software and Affected Versions IceWarp gmaps affected versions not specified Description The software contains a cross-site scripting issue that can lead to authentication bypass. The issue allows an attacker to bypass authentication mechanisms. Recommendations At the momen...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References7
osv
osv
added 2025/11/24 10:11 p.m.5 views

MAL-2025-190999 Malicious code in react-native-google-maps-directions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bb0fc868ff9cbddc19692db858eff3de665ee0d6dc12a0417f7bd6fb6393a99 The package react-native-google-maps-directions was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
euvd
euvd
added 2025/11/24 10:11 p.m.6 views

EUVD-2025-199044

Malicious code in react-native-google-maps-directions npm...

6.6AI score
Exploits0References4
patchstack
patchstack
added 2025/11/17 10:12 p.m.6 views

WordPress Google Maps plugin <= 9.0.47 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by sunghoon kim in WordPress Plugin WP Go Maps versions = 9.0.47...

8.8CVSS5.8AI score0.01873EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2025/11/12 3:47 a.m.14 views

CVE-2025-12662

The Coon Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'map' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS5AI score0.00211EPSS
Exploits0References1
euvd
euvd
added 2025/11/11 6:30 a.m.5 views

EUVD-2025-60925

The Coon Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'map' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS4.7AI score0.00211EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/11/11 6:0 a.m.3 views

CVE-2025-11307 WP Google Maps < 9.0.48 - Unauthenticated Stored XSS

The WP Go Maps formerly WP Google Maps WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped...

5.8AI score0.01873EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/11 3:30 a.m.10 views

CVE-2025-12662 Coon Google Maps <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Coon Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'map' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS0.00211EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/11/11 3:30 a.m.6 views

CVE-2025-12662 Coon Google Maps <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Coon Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'map' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS4.7AI score0.00211EPSS
Exploits0References3
cve
cve
added 2025/11/11 3:30 a.m.21 views

CVE-2025-12662

The CVE-2025-12662 entry concerns the WordPress Coon Google Maps plugin. A stored XSS flaw exists in all versions up to 1.0 via the height parameter in the map shortcode, caused by insufficient input sanitization and output escaping. An authenticated attacker with contributor-level access or high...

6.4CVSS4.8AI score0.00211EPSS
Exploits0References3
patchstack
patchstack
added 2025/11/11 12:12 a.m.12 views

WordPress Coon Google Maps plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Coon Google Maps versions = 1.0...

6.4CVSS5.7AI score0.00211EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder