Wp Go Maps@* Security Vulnerabilities and Issues — Wp Go Maps@* CVE List

Lucene search

CodecabinWp Go Maps*

12 matches found

CVE•added 2019/04/02 6:30 p.m.•137 views

CVE-2019-10692

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.

9.8CVSS9.2AI score0.89356EPSS

Web

CVE•added 2024/04/09 7:15 p.m.•99 views

CVE-2023-6777

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Goo...

6.5CVSS9.1AI score0.03532EPSS

CVE•added 2021/06/21 8:15 p.m.•94 views

CVE-2021-24383

The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue

5.4CVSS5.1AI score0.00868EPSS

Web

CVE•added 2024/01/08 7:15 p.m.•93 views

CVE-2023-6627

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.

6.1CVSS6.4AI score0.00886EPSS

Web

CVE•added 2019/03/22 12:29 a.m.•63 views

CVE-2019-9912

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.

6.1CVSS6AI score0.00808EPSS

Web

CVE•added 2024/03/27 10:15 a.m.•57 views

CVE-2024-29931

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Go Maps (formerly WP Google Maps) WP Google Maps allows Reflected XSS.This issue affects WP Google Maps: from n/a through 9.0.29.

7.1CVSS7.1AI score0.00269EPSS

CVE•added 2024/05/24 5:15 a.m.•50 views

CVE-2024-3557

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode in all versions up to, and including, 9.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS5.8AI score0.00172EPSS

CVE•added 2019/08/09 1:15 p.m.•44 views

CVE-2019-14792

The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.

5.4CVSS5.2AI score0.00208EPSS

Web

CVE•added 2025/01/27 3:15 p.m.•42 views

CVE-2025-24742

Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerly WP Google Maps) WP Go Maps. This issue affects WP Go Maps: from n/a through 9.0.40.

8.8CVSS7AI score0.00033EPSS

CVE•added 2024/06/14 7:15 a.m.•40 views

CVE-2024-5994

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with contri...

6.4CVSS6.1AI score0.002EPSS

CVE•added 2024/03/13 2:15 a.m.•32 views

CVE-2024-1582

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible ...

6.4CVSS6AI score0.0018EPSS

CVE•added 2024/03/13 2:15 a.m.•30 views

CVE-2023-4839

The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to in...

4.8CVSS5AI score0.00156EPSS