CVE-2025-57952 WordPress Maps for WP Plugin <= 1.2.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Maps for WP allows Stored XSS. This issue affects Maps for WP: from n/a through 1.2.5...

CVE-2025-57952

CVE-2025-57952 is a Stored XSS in Maps for WP (WordPress plugin) affecting Maps for WP versions up to 1.2.5. The description notes improper input neutralization during web page generation. Connected documents indicate the vulnerability exists for Maps for WP

PT-2025-38802

Name of the Vulnerable Software and Affected Versions icopydoc Maps for WP versions through 1.2.5 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, potentially leading to Cross-site Scripting XSS. This allows an attacker to inject...

WordPress plugin Maps for WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

CVE-2025-27265

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aaron D. Campbell Google Maps for WordPress google-maps-for-wordpress allows DOM-Based XSS.This issue affects Google Maps for WordPress: from n/a through = 1.0.3...

CVE-2024-13648

The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress plugin Maps for WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution

The plugin allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current theme's stylesheet directory, and a .php file extension is added. No validation...

CVE-2020-12675

The CVE-2020-12675 entry concerns the WordPress plugin mappress-google-maps-for-wordpress, version prior to 2.54.6. Affected component: the plugin’s AJAX-related code (creation/retrieval/deletion of PHP template files) with insufficient capability checks, enabling Remote Code Execution. Root caus...