10 matches found
CVE-2025-54748 WordPress MapSVG Plugin < 8.6.12 - Arbitrary File Download Vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in RomanCode MapSVG mapsvg allows Path Traversal. This issue affects MapSVG: from n/a through 8.6.12...
CVE-2025-62930 WordPress MapSVG plugin <= 8.7.22 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS. This issue affects MapSVG: from n/a through <= 8.7.22...
CVE-2025-54669
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RomanCode MapSVG mapsvg allows SQL Injection. This issue affects MapSVG: from n/a through 8.7.4...
PT-2025-33223 · Romancode · Mapsvg
Name of the Vulnerable Software and Affected Versions: MapSVG affected versions not specified. Description: An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability exists in RomanCode MapSVG, allowing for SQL injection. Recommendations: At the moment,...
CVE-2025-47559
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg allows Upload a Web Shell to a Web Server. This issue affects MapSVG: from n/a through 8.7.4...
CVE-2025-47559
CVE-2025-47559 affects WordPress MapSVG up to and including version 8.5.32, described as Unrestricted Upload of File with Dangerous Type that can allow uploading a Web Shell to the web server. The CVSS v3.1 base score is 9.9 (CRITICAL) with network access, low attack complexity, and all of confid...
PT-2025-24507 · Romancode · Mapsvg
Name of the Vulnerable Software and Affected Versions: MapSVG versions n/a through 8.5.34. Description: The issue is related to an Incorrect Privilege Assignment vulnerability, which allows Privilege Escalation in RomanCode MapSVG. Recommendations: For versions n/a through 8.5.34, update to a...
CVE-2025-47558 WordPress MapSVG plugin < 8.6.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MapSVG: from n/a through 8.6.13...
PT-2025-21709 · Romancode · Mapsvg
Name of the Vulnerable Software and Affected Versions: MapSVG versions prior to 8.5.32. Description: The issue is related to a Missing Authorization vulnerability in RomanCode MapSVG, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions prior...
PT-2022-13287 · WordPress · Mapsvg Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: MapSVG WordPress plugin versions prior to 6.2.20. Description: The issue concerns a SQL Injection that can be exploited by unauthenticated users due to the lack of validation and escaping of a parameter used in a SQL statement via a REST...