242 matches found

RedhatCVE
added 2025/05/23 5:40 a.m. | 7 views

CVE-2023-0037

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS 9.8 | AI score 7.2 | EPSS 0.03911
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 4:51 a.m. | 8 views

CVE-2023-28172

Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin = 4.4.2 versions...

CVSS 8.8 | AI score 7.1 | EPSS 0.00301
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:45 a.m. | 5 views

CVE-2023-22698

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason Bobich Theme Blvd Responsive Google Maps plugin = 1.0.2 versions...

CVSS 6.5 | AI score 5.8 | EPSS 0.00383
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:35 a.m. | 9 views

CVE-2023-6732

The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

CVSS 4.8 | AI score 6 | EPSS 0.00416
Exploits: 1

RedhatCVE
added 2025/05/23 2:51 a.m. | 6 views

CVE-2023-0270

The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVSS 5.4 | AI score 5.5 | EPSS 0.00477
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 2:42 a.m. | 7 views

CVE-2023-5744

The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.7 | EPSS 0.00603
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 2:41 a.m. | 6 views

CVE-2023-5315

The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 8.8 | AI score 5.9 | EPSS 0.00565
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:45 p.m. | 10 views

CVE-2022-2424

The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | AI score 5.7 | EPSS 0.00493
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 9:37 p.m. | 7 views

CVE-2021-25081

The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack...

CVSS 6.5 | AI score 6.9 | EPSS 0.00566
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 6:9 p.m. | 10 views

CVE-2021-25011

The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF checks in most of its AJAX actions, which could allow any authenticated user, such as a subscriber, to delete arbitrary posts and update the plugin's settings...

CVSS 5.7 | AI score 6.9 | EPSS 0.0042
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 8:48 a.m. | 8 views

CVE-2019-9912

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO...

CVSS 6.1 | AI score 6 | EPSS 0.03028
Exploits: 1 | References: 1

CVE
added 2025/05/15 8:7 p.m. | 35 views

CVE-2024-8620

CVE-2024-8620 affects the WordPress plugin MapPress Maps for WordPress, specifically versions prior to 2.93. The issue is that certain settings are not properly sanitized/escaped, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html is disallowed ...

CVSS 4.8 | AI score 5.8 | EPSS 0.00266
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/05/03 6:11 a.m. | 19 views

CVE-2025-3502

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | AI score 5.7 | EPSS 0.00274
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/03 6:10 a.m. | 21 views

CVE-2025-3503

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | AI score 5.7 | EPSS 0.00236
Exploits: 1 | References: 1

OSV
added 2025/05/01 6:15 a.m. | 4 views

CVE-2025-3504

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | AI score 7.3 | EPSS 0.00219
Exploits: 1 | References: 1

NVD
added 2025/05/01 6:15 a.m. | 20 views

CVE-2025-3504

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | EPSS 0.00219
Exploits: 1 | References: 1

OSV
added 2025/05/01 6:15 a.m. | 4 views

CVE-2025-3503

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | AI score 5.8 | EPSS 0.00236
Exploits: 1 | References: 1

NVD
added 2025/05/01 6:15 a.m. | 20 views

CVE-2025-3502

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | EPSS 0.00274
Exploits: 1 | References: 1

Vulnrichment
added 2025/05/01 6:0 a.m. | 10 views

CVE-2025-3504 WP Maps < 4.7.2 - Admin+ Stored XSS

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score 5.8 | EPSS 0.00219
Exploits: 1 | References: 1

Cvelist
added 2025/05/01 6:0 a.m. | 19 views

CVE-2025-3504 WP Maps < 4.7.2 - Admin+ Stored XSS

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

EPSS 0.00219
Exploits: 1 | References: 1