204 matches found
EUVD-2023-57393
Malicious code in bioql PyPI...
EUVD-2022-52001
Malicious code in bioql PyPI...
EUVD-2024-32245
Malicious code in bioql PyPI...
EUVD-2024-37620
Malicious code in bioql PyPI...
EUVD-2022-24466
Malicious code in bioql PyPI...
EUVD-2023-35403
Malicious code in bioql PyPI...
MAL-2025-25498 Malicious code in loclys-leaflet-routing-machine (npm)
The package loclys-leaflet-routing-machine was found to contain malicious code...
Malicious code in loclys-leaflet-routing-machine (npm)
The package loclys-leaflet-routing-machine was found to contain malicious code...
CVE-2025-5122
The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-5122 Map Block Leaflet <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-5122
CVE-2025-5122 maps to Map Block Leaflet for WordPress. Affected: versions up to 3.2.1 with stored cross-site scripting via the url parameter due to insufficient input sanitization and output escaping. Exploitation requires an authenticated user with Contributor-level access or higher; injected sc...
PT-2025-23144 · WordPress · Map Block Leaflet
Name of the Vulnerable Software and Affected Versions: The Map Block Leaflet plugin for WordPress versions up to, and including, 3.2.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping via the url parameter. This allows...
WordPress plugin Map Block Leaflet 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2024-3670
The Leaflet Maps Marker Google Maps, OpenStreetMap, Bing Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user supplied attribut...
CVE-2023-5050
The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to...
CVE-2022-4677
The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-1123
The Leaflet Maps Marker Google Maps, OpenStreetMap, Bing Maps WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks...
CVE-2021-24467
The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the...
CVE-2021-24468
The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues...
CVE-2025-27278
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Ghedini AcuGIS Leaflet Maps mapfig-premium-leaflet-map-maker allows Reflected XSS.This issue affects AcuGIS Leaflet Maps: from n/a through = 5.1.1.0...