11 matches found
WordPress WP Go Maps (formerly WP Google Maps) plugin <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin WP Go Maps versions <= 10.0.04...
CVE-2026-0593
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...
PT-2026-4624
Name of the Vulnerable Software and Affected Versions: WP Go Maps (formerly WP Google Maps) versions through 10.0.04. Description: The WP Go Maps plugin for WordPress has an issue where data can be modified without proper authorization. This is due to a missing capability check within the...
CVE-2025-11999 Add Multiple Marker <= 1.2 - Missing Authorization to Unauthenticated Settings Update
The Add Multiple Marker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addmultiplemarkerresetmap and ammsavemapapi functions in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upda...
CVE-2025-3504
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2025-3503
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress plugin WP Maps security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing users with contributor access and above to perform Stored XSS attacks - Go to Plugin’s page /wp-admin/admin.php?page=mappressmaps - Add New Map and search any location you want. - Add XSS...
MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing users with contributor access and above to perform Stored XSS attacks. PoC - Go to Plugin’s page /wp-admin/admin.php?page=mappressmaps - Add New Map and search any location you want. - Add...
WordPress MapifyLite 3.3 Cross Site Scripting
Title : MapifyLite Wordpress Plugins Stored XSS Injection Date : 24/03/2021 Author : Eagle Eye Vendor Homepage : https://mapifypro.com/product/mapifylite/ Version Affected : 3.3 and below Tested on : Google Chrome XSS vulnerability from Map settings & locations 1. Login user 2. Go to add map...
MapifyLite < 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise the Image URL either in the settings or in a location, allowing editor+ users to use a malicious payload, leading to Stored Cross-Site Scripting issues. Notes WPScanTeam: - The vendor has been notified on March 24th, 2021 - The pro version is very likely to be...