Wp Go Maps Security Vulnerabilities and Issues — Wp Go Maps CVE List

Lucene search

CodecabinWp Go Maps

7 matches found

CVE•added 2024/04/09 7:15 p.m.•98 views

CVE-2023-6777

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Goo...

6.5CVSS9.1AI score0.03532EPSS

CVE•added 2024/01/08 7:15 p.m.•91 views

CVE-2023-6627

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.

6.1CVSS6.4AI score0.00886EPSS

CVE•added 2024/03/27 10:15 a.m.•56 views

CVE-2024-29931

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Go Maps (formerly WP Google Maps) WP Google Maps allows Reflected XSS.This issue affects WP Google Maps: from n/a through 9.0.29.

7.1CVSS7.1AI score0.00198EPSS

CVE•added 2024/05/24 5:15 a.m.•49 views

CVE-2024-3557

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode in all versions up to, and including, 9.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS5.8AI score0.00169EPSS

CVE•added 2024/06/14 7:15 a.m.•39 views

CVE-2024-5994

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with contri...

6.4CVSS6.1AI score0.00161EPSS

CVE•added 2024/03/13 2:15 a.m.•31 views

CVE-2024-1582

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible ...

6.4CVSS6AI score0.00133EPSS

CVE•added 2024/03/13 2:15 a.m.•29 views

CVE-2023-4839

The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to in...

4.8CVSS5AI score0.00115EPSS