CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Leaflet Maps Marker Google Maps, OpenStreetMap, Bing Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user supplied attribut...

6.4CVSS6AI score0.00435EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 12:23 a.m.•7 views

CVE-2022-4677

The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS6AI score0.00562EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 10:18 p.m.•9 views

CVE-2022-1123

The Leaflet Maps Marker Google Maps, OpenStreetMap, Bing Maps WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks...

7.2CVSS7.7AI score0.01002EPSS

Exploits2References1

RedhatCVE•added 2025/03/05 1:55 p.m.•22 views

CVE-2025-27278

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Ghedini AcuGIS Leaflet Maps mapfig-premium-leaflet-map-maker allows Reflected XSS.This issue affects AcuGIS Leaflet Maps: from n/a through = 5.1.1.0...

7.1CVSS7.2AI score0.00224EPSS

Exploits0References1

NVD•added 2025/03/03 2:15 p.m.•9 views

CVE-2025-27278

7.1CVSS0.00224EPSS

Exploits0References1

Vulnrichment•added 2025/03/03 1:30 p.m.•10 views

CVE-2025-27278 WordPress AcuGIS Leaflet Maps Plugin <= 5.1.1.0 - Multiple Cross Site Scripting (XSS) vulnerabilities

7.1CVSS8.6AI score0.00224EPSS

Exploits0References1

CVE•added 2025/03/03 1:30 p.m.•58 views

CVE-2025-27278

CVE-2025-27278 affects NotFound AcuGIS Leaflet Maps Plugin for WordPress (

7.1CVSS7.2AI score0.00224EPSS

Exploits0References1

Cvelist•added 2025/03/03 1:30 p.m.•21 views

CVE-2025-27278 WordPress AcuGIS Leaflet Maps Plugin <= 5.1.1.0 - Multiple Cross Site Scripting (XSS) vulnerabilities

7.1CVSS0.00224EPSS

Exploits0References1

CNNVD•added 2025/03/03 12:0 a.m.•2 views

WordPress plugin AcuGIS Leaflet Maps 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS8.2AI score0.00224EPSS

Exploits0References2

Patchstack•added 2025/02/21 12:0 a.m.•3 views

WordPress AcuGIS Leaflet Maps Plugin <= 5.1.1.0 - Multiple Cross Site Scripting (XSS) vulnerabilities

Multiple Cross Site Scripting XSS vulnerabilities discovered by johska in WordPress Plugin AcuGIS Leaflet Maps versions = 5.1.1.0...

7.1CVSS6.4AI score0.00224EPSS

Exploits0Affected Software1

OSV•added 2024/07/21 10:15 p.m.•1 views

CVE-2024-38782

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in MapsMarker.Com e.U. Leaflet Maps Marker allows Stored XSS.This issue affects Leaflet Maps Marker: from n/a through 3.12.9...

5.4CVSS5.8AI score0.00246EPSS

Exploits0References1

NVD•added 2024/07/21 10:15 p.m.•15 views

CVE-2024-38782

6.5CVSS0.00246EPSS

Exploits0References1

Cvelist•added 2024/07/21 9:13 p.m.•16 views

CVE-2024-38782 WordPress Leaflet Maps Marker plugin <= 3.12.9 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.00246EPSS

Exploits0References1

CVE•added 2024/07/21 9:13 p.m.•48 views

CVE-2024-38782