3 matches found
CVE-2012-6649
The CVE-2012-6649 affects WordPress WP GPX Maps Plugin 1.1.21 and is caused by an improper/unrestricted file upload, enabling remote attackers to execute arbitrary PHP code on the server. Impact: remote code execution with web‑server context; vulnerability is tied to the wp-gpx-maps plugin. Remed...
CVE-2023-44234
CVE-2023-44234 affects the WordPress WP GPX Maps plugin (WP GPX Maps) up to version 1.7.08. Root cause: Missing Authorization (Broken Access Control) allows access to resources without proper permission validation. Documented severity is low (CVSS ~4.3). Public references indicate the vulnerabili...
CVE-2024-9028
CVE-2024-9028 : WP GPX Maps for WordPress is affected by a Stored XSS via the sgpx shortcode in all versions up to 1.7.08. The issue stems from insufficient input sanitization and output escaping of user-supplied attributes, allowing authenticated attackers (Contributor+ with access) to inject sc...