Lucene search
K

2581 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.11 views

CVE-2026-3581

The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...

5.3CVSS5.5AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41232

Froxlor is open source server administration software. Prior to version 2.3.6, in EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to...

5CVSS5.5AI score0.00231EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39390

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps iframe setting cMap field in compInfosPost sanitizes input using striptags with an allowlist and regex-based removal of...

5.5CVSS5.4AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.12 views

CVE-2026-8732

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmptempaccessajax AJAX action being registered with wpajaxnopriv and protected only by a nonce check using the...

9.8CVSS5.7AI score0.09461EPSS
Exploits7References1
Patchstack
Patchstack
added 2026/06/05 3:28 p.m.8 views

WordPress WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin <= 4.9.4 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Yousef Alraddadi - none in WordPress Plugin WP Maps versions = 4.9.4...

4.4CVSS5.4AI score0.00201EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 2:37 p.m.12 views

WordPress MapPress Maps for WordPress plugin <= 2.96.6 - Unauthenticated Insecure Direct Object Reference vulnerability

Unauthenticated Insecure Direct Object Reference vulnerability discovered by Kitch - KitchGlobal in WordPress Plugin MapPress Maps for WordPress versions = 2.96.6...

5.3CVSS5.4AI score0.00813EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 12:0 a.m.11 views

WordPress WP Go Maps – Google Maps, OpenStreetMap, Leaflet Map plugin <= 10.0.09 - Unauthenticated Sensitive Information Disclosure vulnerability

Unauthenticated Sensitive Information Disclosure vulnerability discovered by Sudhanshu Chauhan - RedHunt Labs in WordPress Plugin WP Go Maps versions = 10.0.09...

5.3CVSS5.5AI score0.00192EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/06/04 4:22 p.m.76 views

Exploit for CVE-2026-8732

CVE-2026-8732 – WordPress WP Maps Pro Exploit Unauthenticat...

9.8CVSS6AI score0.09461EPSS
Exploits7
GithubExploit
GithubExploit
added 2026/06/02 2:51 a.m.93 views

Exploit for CVE-2026-8732

WP Maps Pro Unauthenticated Stored Cross-Site Scripting CVE-2...

9.8CVSS5.9AI score0.09461EPSS
Exploits7
The Hacker News
The Hacker News
added 2026/06/01 8:45 a.m.14 views

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrator accounts on susceptible sites. WP Maps Pro allows site owners to embed customizable Google Map...

9.8CVSS5.7AI score0.09461EPSS
Exploits7
GithubExploit
GithubExploit
added 2026/05/30 6:42 a.m.147 views

Exploit for CVE-2026-8732

CVE-2026-8732 - WP Maps Pro &checktemp=false' 3. Login via...

9.8CVSS5.8AI score0.09461EPSS
Exploits7
GithubExploit
GithubExploit
added 2026/05/30 12:28 a.m.253 views

Exploit for CVE-2026-8732

CVE-2026-8732 — WP Maps Pro ≤ 6.1.0 ♡ Unauthenticated Privil...

9.8CVSS5.8AI score0.09461EPSS
Exploits7
NVD
NVD
added 2026/05/29 8:16 p.m.26 views

CVE-2026-46385

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...

8.7CVSS0.00378EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/05/29 9:24 a.m.15 views

WordPress WP Maps Pro plugin <= 6.0.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by David Brown in WordPress Plugin Advanced Google Maps versions = 6.0.4...

9.8CVSS5.8AI score0.09461EPSS
Exploits7References1Affected Software1
NVD
NVD
added 2026/05/29 7:16 a.m.16 views

CVE-2026-8732

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmptempaccessajax AJAX action being registered with wpajaxnopriv and protected only by a nonce check using the...

9.8CVSS0.09461EPSS
Exploits7References2
Vulnrichment
Vulnrichment
added 2026/05/29 5:32 a.m.11 views

CVE-2026-8732 WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmptempaccessajax AJAX action being registered with wpajaxnopriv and protected only by a nonce check using the...

9.8CVSS5.7AI score0.09461EPSS
Exploits7References2
CVE
CVE
added 2026/05/29 5:32 a.m.102 views

CVE-2026-8732

Summary of CVE-2026-8732 : The WP Maps Pro WordPress plugin (≤ 6.1.0) is vulnerable to unauthenticated privilege escalation via Administrator Account Creation. The root cause is the wpgmp_temp_access_ajax action registered for both authenticated and unauthenticated requests, protected only by a p...

9.8CVSS5.7AI score0.09461EPSS
In wildExploits7References2
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.11 views

SUSE CVE-2026-46115

In the Linux kernel, the following vulnerability has been resolved: block: add pgmap check to biovecphysmergeable biovecphysmergeable is used by the request merge, DMA mapping, and integrity merge paths to decide if two physically contiguous bvec segments can be coalesced into one. It currently h...

5.5CVSS5.7AI score0.00491EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

WordPress plugin WP Maps Pro 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS6AI score0.09461EPSS
Exploits7References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/29 12:0 a.m.92 views

VulnCheck KEV: CVE-2026-8732

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmptempaccessajax AJAX action being registered with wpajaxnopriv and protected only by a nonce check using the...

9.8CVSS5.7AI score0.09461EPSS
In wildExploits7References3
Rows per page
Query Builder