CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

EUVD•added 2026/04/08 9:33 p.m.•1 views

EUVD-2026-20645

The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS6.1AI score0.00046EPSS

Exploits0References7

NVD•added 2026/04/08 9:17 p.m.•0 views

CVE-2026-5451

6.4CVSS0.00046EPSS

Exploits0References6

ATTACKERKB•added 2026/04/08 8:25 p.m.•0 views

CVE-2026-5451

6.4CVSS6.1AI score0.00046EPSS

Exploits0References7

Cvelist•added 2026/04/08 8:30 a.m.•17 views

CVE-2026-39646 WordPress Leaflet Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...

6.5CVSS0.00039EPSS

Exploits0References1

CVE•added 2026/04/08 8:30 a.m.•2 views

CVE-2026-39646

CVE-2026-39646 affects the WordPress Leaflet Map plugin (leaflet-map)

6.5CVSS5.9AI score0.00039EPSS

Exploits0References1

CNNVD•added 2026/04/08 12:0 a.m.•3 views

WordPress plugin Leaflet Map 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00039EPSS

Exploits0References1

CNNVD•added 2026/03/26 12:0 a.m.•3 views

WordPress plugin DSGVO snippet for Leaflet Map and its Extensions 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.6AI score0.00016EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 8:57 a.m.•6 views

CVE-2023-31074

Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...

7.1CVSS5.9AI score0.00104EPSS

Exploits0References1

Patchstack•added 2025/11/23 7:1 p.m.•6 views

WordPress Extensions for Leaflet Map plugin <= 4.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Extensions for Leaflet Map versions = 4.8...

6.5CVSS6.1AI score0.00029EPSS

Exploits0Affected Software1

CVE•added 2025/11/21 12:29 p.m.•5 views

CVE-2025-66093

The CVE-2025-66093 entry concerns the WordPress plugin Extensions for Leaflet Map (extensions-leaflet-map). The issue is a DOM-based XSS caused by improper input neutralization during web page generation, affecting Extensions for Leaflet Map versions up to 4.8. Wordfence notes this vulnerability ...

6.5CVSS6AI score0.00029EPSS

Exploits0References1

NVD•added 2025/11/04 5:16 a.m.•2 views

CVE-2025-12369

The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...

6.4CVSS0.00042EPSS

Exploits0References4

Patchstack•added 2025/11/04 4:56 a.m.•7 views

WordPress Extensions for Leaflet Map plugin <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Extensions for Leaflet Map versions = 4.7...

6.4CVSS5.7AI score0.00042EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-11379

Malware in sbrugna...

6.5CVSS6.5AI score0.00103EPSS

Exploits2References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-35403

Malicious code in bioql PyPI...

7.1CVSS7AI score0.00104EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:40 a.m.•1 views

CVE-2023-5050

The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to...

6.4CVSS6.1AI score0.00193EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:3 p.m.•1 views

CVE-2021-24467

The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the...

6.5CVSS6.2AI score0.00103EPSS

Exploits2References1

OSV•added 2023/10/20 7:15 a.m.•0 views

CVE-2023-5050

5.4CVSS6.8AI score0.00193EPSS

Exploits0References3

CNNVD•added 2023/10/20 12:0 a.m.•1 views

WordPress Plugin Leaflet Map Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.4CVSS6AI score0.00193EPSS

Exploits0References4

NVD•added 2023/08/17 11:15 a.m.•14 views

CVE-2023-31074

Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...

7.1CVSS6.3AI score0.00104EPSS

Exploits0References1