16 matches found
CVE-2019-10692
Affected software: WordPress WP Google Maps plugin (versions before 7.11.18). Vulnerability details: The REST API implementation in includes/class.rest-api.php does not sanitize field names before a SELECT statement, enabling an SQL injection. Public descriptions and templates consistently state ...
CVE-2023-6777
CVE-2023-6777 affects WP Go Maps (WordPress plugin) up to version 9.0.34. The plugin embeds the Google API key in multiple plugin files, enabling unauthenticated disclosure of the key. Attackers could use the exposed key to make API requests, potentially exhausting quotas and affecting map functionality. Pu...
CVE-2023-6627
The CVE-2023-6627 entry concerns the WP Go Maps (formerly WP Google Maps) WordPress plugin and a vulnerability in versions prior to 9.0.28. The issue is that most REST API routes are not properly protected, allowing unauthenticated attackers to store malicious HTML/JavaScript on a site via the af...
CVE-2021-24383
The CVE-2021-24383 entry concerns the WordPress WP Google Maps plugin (versions prior to 8.1.12). The vulnerability is an authenticated Stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/validation/escaping of the Map Name when output in the Map List on the admin dashboard...
CVE-2019-9912
CVE-2019-9912 affects the WordPress WP Go Maps plugin prior to version 7.10.43. The vulnerability is a Cross-Site Scripting (XSS) via the wp-admin/admin.php PATH_INFO, allowing an attacker to execute arbitrary script in the admin context. Impact can include potential session hijacking or privileg...
CVE-2024-29931
WP Go Maps
CVE-2024-3557
CVE-2024-3557 refers to a Stored Cross-Site Scripting vulnerability in the WordPress plugin WP Go Maps (formerly WP Google Maps). The weakness is due to insufficient input sanitization and output escaping on user-supplied attributes used by the plugin shortcode wpgmza, affecting versions up to a...
CVE-2024-5994
CVE-2024-5994 affects the WP Go Maps (formerly WP Google Maps) WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the Custom JS option in versions up to 9.0.38. It allows authenticated users with contributor-level permissions and above (granted by an administrator) to ...
CVE-2014-7182
The CVE-2014-7182 entry affects the WP Google Maps WordPress plugin, with XSS vulnerabilities in versions prior to 6.0.27. The underlying issue is unsanitized input via the poly_id parameter used by actions edit_poly, edit_polyline, and edit_marker on the wp-google-maps-menu page routed to wp-adm...
CVE-2019-14792
The CVE-2019-14792 entry applies to the WordPress WP Google Maps plugin prior to version 7.11.35. The vulnerability arises from an XSS flaw in the plugin via the wp-admin/ rectangle_name or rectangle_opacity parameters, caused by insufficient input validation/sanitization. Public sources in the c...
CVE-2025-24742
CVE-2025-24742 covers a Cross-Site Request Forgery (CSRF) in the WordPress plugin WP Go Maps (formerly WP Google Maps). Affected are WP Go Maps versions up to and including 9.0.40. The vulnerability enables CSRF on actions performed by authenticated users; no exploitation details are provided in ...
CVE-2022-47595
CVE-2022-47595 describes a path traversal in the WP Go Maps plugin (formerly WP Google Maps) for versions 9.0.15 (fixed in 9.0.16); upgrade or apply vendor-provided mitigation as documented. Exploitation details are not provided in the available documents. Other sources corroborate the vulnerability as a ...
CVE-2024-1582
CVE-2024-1582 affects the WordPress plugin WP Go Maps (formerly WP Google Maps). It allows Stored XSS through the plugin’s wpgmza shortcode, exploited via user-supplied attributes due to insufficient input sanitization and output escaping. Affected versions: all prior to and including 9.0.32. Imp...
CVE-2021-36870
The CVE-2021-36870 issue affects WordPress WP Google Maps plugin ≤ 8.1.12. The connected sources describe multiple authenticated persistent XSS vulnerabilities in this plugin, with vulnerable parameters including dataset_name, wpgmza_gdpr_retention_purpose, wpgmza_gdpr_company_name, name, polynam...
CVE-2021-36871
CVE-2021-36871 corresponds to multiple authenticated persistent cross-site scripting (XSS) vulnerabilities in the WordPress WP Google Maps Pro premium plugin (versions ≤ 8.1.11). The issues arise from unsanitized inputs in several vulnerable parameters (e.g., wpgmaps_marker_category_name, &attrib...
CVE-2023-4839
CVE-2023-4839 summary (WP Go Maps for WordPress): The WP Go Maps (WP Google Maps) plugin is affected by a Stored XSS in admin settings, present in versions up to and including 9.0.32. The vulnerability stems from insufficient input sanitization and output escaping, enabling an authenticated attack...