CVE-2024-1582

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2024-5994

CVE-2024-5994 affects the WP Go Maps (formerly WP Google Maps) WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the Custom JS option in versions up to 9.0.38. It allows authenticated users with contributor-level permissions and above (granted by an administrator) to ...

CVE-2024-3557

CVE-2024-3557 refers to a Stored Cross-Site Scripting vulnerability in the WordPress plugin WP Go Maps (formerly WP Google Maps) . The weakness is due to insufficient input sanitization and output escaping on user-supplied attributes used by the plugin shortcode wpgmza, affecting versions up to a...

CVE-2023-6697

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

PT-2023-15418 · WordPress · Wp Go Maps

Name of the Vulnerable Software and Affected Versions: WP Go Maps plugin versions = 9.0.15 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability. This vulnerability affects the WP Go Maps plugin, which w...