Lucene search
+L

83 matches found

RedhatCVE
RedhatCVE
added 2025/05/03 6:11 a.m.20 views

CVE-2025-3502

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00274EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/03 6:10 a.m.25 views

CVE-2025-3503

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00236EPSS
Exploits1References1
NVD
NVD
added 2025/05/01 6:15 a.m.30 views

CVE-2025-3504

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00219EPSS
Exploits1References1
OSV
OSV
added 2025/05/01 6:15 a.m.5 views

CVE-2025-3504

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00219EPSS
Exploits1References1
NVD
NVD
added 2025/05/01 6:15 a.m.23 views

CVE-2025-3502

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00274EPSS
Exploits1References1
NVD
NVD
added 2025/05/01 6:15 a.m.49 views

CVE-2025-3503

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00236EPSS
Exploits1References1
CVE
CVE
added 2025/05/01 6:0 a.m.65 views

CVE-2025-3503

CVE-2025-3503 affects the WP Maps WordPress plugin prior to version 4.7.2. The vulnerability arises because some Map settings are not properly sanitized/escaped, enabling Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multisite). Public expl...

4.8CVSS5.4AI score0.00236EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/01 6:0 a.m.7 views

CVE-2025-3502 WP Maps < 4.7.2 - Admin+ Stored XSS

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.00274EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/01 6:0 a.m.10 views

CVE-2025-3504 WP Maps < 4.7.2 - Admin+ Stored XSS

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.00219EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/01 6:0 a.m.9 views

CVE-2025-3503 WP Maps < 4.7.2 - Admin+ Stored XSS

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.00236EPSS
Exploits1References1
CVE
CVE
added 2025/05/01 6:0 a.m.63 views

CVE-2025-3502

Technical summary (CVE-2025-3502): The WP Maps WordPress plugin is vulnerable in versions prior to 4.7.2 due to inadequate sanitization and escaping of certain Map settings. This can enable stored cross-site scripting (XSS) by high-privilege users (e.g., admins), even when unfiltered_html is disa...

4.8CVSS5.4AI score0.00274EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/05/01 6:0 a.m.71 views

CVE-2025-3504

CVE-2025-3504 affects the WP Maps WordPress plugin prior to 4.7.2. The issue is that map settings aren’t properly sanitized/escaped, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Remediation: upgrade to WP Maps 4.7.2 or later...

4.8CVSS5.4AI score0.00219EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/05/01 6:0 a.m.46 views

CVE-2025-3503 WP Maps < 4.7.2 - Admin+ Stored XSS

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00236EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/01 6:0 a.m.21 views

CVE-2025-3504 WP Maps < 4.7.2 - Admin+ Stored XSS

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00219EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/01 6:0 a.m.33 views

CVE-2025-3502 WP Maps < 4.7.2 - Admin+ Stored XSS

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00274EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.11 views

PT-2025-18365 · WordPress · Wp Amaps

Name of the Vulnerable Software and Affected Versions: WP Maps versions prior to 4.7.2 Description: The WP Maps WordPress plugin does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...

4.8CVSS7.8AI score0.00219EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.12 views

PT-2025-18364 · WordPress · Wp Amaps

Name of the Vulnerable Software and Affected Versions: WP Maps WordPress plugin versions prior to 4.7.2 Description: The WP Maps WordPress plugin does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

4.8CVSS7.9AI score0.00236EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.5 views

PT-2025-18363 · WordPress · Wp Amaps

Name of the Vulnerable Software and Affected Versions: WP Maps WordPress plugin version 4.7.1 and earlier Description: The WP Maps WordPress plugin does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

4.8CVSS5.3AI score0.00274EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/02/05 4:40 a.m.13 views

CVE-2024-9235

The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapsterwpmapssetoptionfromjs function in all versions up to, and including, 1.5.0. This makes it possible for...

8.8CVSS7.1AI score0.00482EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/11/18 4:50 a.m.4 views

WordPress Mapster WP Maps plugin <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Akbar Kustirama in WordPress Plugin Mapster WP Maps versions = 1.6.0...

6.4CVSS5.7AI score0.00771EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder