4 matches found
CVE-2025-2279
The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-2279
The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-2279
The CVE-2025-2279 entry concerns the Maps WordPress plugin (versions up to 1.0.6). The issue is that the plugin does not validate and escape certain shortcode attributes before output, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting (XSS) via the...
PT-2025-14854 · WordPress · Mapsvg Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Maps WordPress plugin versions 1.0.0 through 1.0.6 Description: The issue concerns the Maps WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them in a page or post. This could...