44 matches found
CVE-2025-14851
The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the yamap shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-14851 YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters
The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the yamap shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-14851 YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters
The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the yamap shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-14851
CVE-2025-14851 concerns YaMaps for WordPress Plugin (YaMaps for WordPress) for WordPress. The vulnerability is a Stored Cross-Site Scripting via the yamap shortcode parameters present in all versions up to and including 0.6.40. The issue stems from insufficient input sanitization and output escap...
WordPress YaMaps for WordPress plugin <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin YaMaps for WordPress versions = 0.6.40...
PT-2026-20620
The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the yamap shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
WordPress plugin YaMaps for WordPress 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-13958
The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
WordPress YaMaps plugin < 0.6.40 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin YaMaps for WordPress versions 0.6.40...
CVE-2025-13958
The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2025-13958 YaMaps < 0.6.40 - Contributor+ Stored XSS
The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2025-13958 YaMaps < 0.6.40 - Contributor+ Stored XSS
The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
EUVD-2025-205552
The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2025-13958
CVE-2025-13958 relates to the YaMaps for WordPress Plugin prior to 0.6.40, which does not validate and escape certain shortcode attributes before output. This can enable a stored XSS condition in pages or posts where the shortcode is embedded if an attacker has the Contributor role or higher. Roo...
WordPress plugin YaMaps 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-53697
Name of the Vulnerable Software and Affected Versions YaMaps for WordPress Plugin versions prior to 0.6.40 Description The YaMaps for WordPress Plugin does not properly validate and escape shortcode attributes before displaying them on a page or post. This could allow users with contributor roles...
EUVD-2025-9834
Malicious code in bioql PyPI...
EUVD-2023-12349
Malicious code in bioql PyPI...
EUVD-2024-40119
Malicious code in bioql PyPI...
CVE-2024-43224
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS.This issue affects YaMaps for WordPress: from n/a through 0.6.27...