Lucene search
K

242 matches found

CNNVD
CNNVD
added 2026/03/23 12:0 a.m.6 views

WordPress plugin WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.3 views

PT-2026-27034

Name of the Vulnerable Software and Affected Versions WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin for WordPress versions up to and including 4.9.1 Description The WP Maps plugin for WordPress is susceptible to time-based SQL Injection. This is...

7.5CVSS5.8AI score0.00444EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/18 3:32 a.m.5 views

EUVD-2026-12742

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmzacustomjs’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/11 7:46 a.m.10 views

WordPress WP Maps plugin <= 4.9.1 - Unauthenticated SQL Injection via 'location_id' Parameter vulnerability

Unauthenticated SQL Injection via 'locationid' Parameter vulnerability discovered by johska in WordPress Plugin WP Maps versions = 4.9.1...

7.5CVSS5.8AI score0.00418EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/03/11 5:27 a.m.16 views

CVE-2026-3222

WP Maps plugin for WordPress is vulnerable to a time-based blind SQL injection via the location_id parameter in versions up to 4.9.1. Root cause: the database abstraction layer (FlipperCode_Model_Base::is_column()) accepts user input wrapped in backticks as column names, bypassing esc_sql(). Addi...

7.5CVSS5.9AI score0.00418EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2026/03/11 5:27 a.m.2 views

CVE-2026-3222

The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'locationid' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer FlipperCodeModelBase::iscolumn treating user input wrapped in backticks as column...

7.5CVSS6.1AI score0.00418EPSS
Exploits1References11
Cvelist
Cvelist
added 2026/03/11 5:27 a.m.33 views

CVE-2026-3222 WP Maps <= 4.9.1 - Unauthenticated SQL Injection via 'location_id' Parameter

The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'locationid' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer FlipperCodeModelBase::iscolumn treating user input wrapped in backticks as column...

7.5CVSS0.00418EPSS
Exploits1References10
EUVD
EUVD
added 2026/03/11 5:27 a.m.6 views

EUVD-2026-11104

The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'locationid' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer FlipperCodeModelBase::iscolumn treating user input wrapped in backticks as column...

7.5CVSS5.9AI score0.00418EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/02/18 1:40 a.m.24 views

CVE-2025-12062

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fcloadtemplate function. This makes it possible for authenticated attackers, with Subscriber-leve...

8.8CVSS6.4AI score0.00723EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/17 7:31 a.m.6 views

WordPress WP Maps plugin <= 4.8.6 - Authenticated (Subscriber+) Limited Local File Inclusion vulnerability

Authenticated Subscriber+ Limited Local File Inclusion vulnerability discovered by mikemyers in WordPress Plugin WP Maps versions = 4.8.6...

8.8CVSS5.4AI score0.00723EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/17 12:16 a.m.9 views

CVE-2025-12062

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fcloadtemplate function. This makes it possible for authenticated attackers, with Subscriber-leve...

8.8CVSS0.00723EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.8 views

WordPress plugin WP Maps 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.8CVSS5.9AI score0.00723EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/16 11:22 p.m.2 views

CVE-2025-12062 WP Maps <= 4.8.6 - Authenticated (Subscriber+) Limited Local File Inclusion

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fcloadtemplate function. This makes it possible for authenticated attackers, with Subscriber-leve...

8.8CVSS6.5AI score0.00723EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/16 11:22 p.m.32 views

CVE-2025-12062 WP Maps <= 4.8.6 - Authenticated (Subscriber+) Limited Local File Inclusion

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fcloadtemplate function. This makes it possible for authenticated attackers, with Subscriber-leve...

8.8CVSS0.00723EPSS
Exploits0References2
CVE
CVE
added 2026/02/16 11:22 p.m.22 views

CVE-2025-12062

The WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion up to and including version 4.8.6 via the fc_load_template function. This allows authenticated attackers with Subscriber-level access and above ...

8.8CVSS6.5AI score0.00723EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.4 views

CVE-2026-1730

The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OSDataHubMapsAdmin::addfileandext' function in all versions up to, and including, 1.8.3. This makes it possible for authenticated attackers, with Author-level access and...

8.8CVSS6.5AI score0.0052EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/25 9:10 p.m.15 views

CVE-2026-0593

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...

5.3CVSS5.5AI score0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/24 4:25 p.m.13 views

CVE-2026-0593 WP Go Maps (formerly WP Google Maps) <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...

5.3CVSS5.9AI score0.00234EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:31 a.m.6 views

CVE-2017-18557

The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.01384EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.4 views

EUVD-2025-202109

Deserialization of Untrusted Data vulnerability in WePlugins - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through = 4.8.6...

6.5CVSS6.5AI score0.00303EPSS
Exploits0References2
Rows per page
Query Builder