2 matches found
CVE-2019-19134
The CVE-2019-19134 entry concerns the WordPress Hero Maps Premium plugin (versions ≤ 2.2.1), which has an unauthenticated XSS via the p parameter of views/dashboard/index.php. The issue arises from insufficient input sanitization, enabling injection of HTML/JavaScript into a user’s browser and potentially cookie th...
CVE-2024-13781
CVE-2024-13781 concerns the WordPress plugin Hero Maps Premium (Customizable Google Maps Plugin) up to version 2.3.9. The vulnerability is a SQL Injection caused by insufficient escaping of user-supplied parameters and insufficient preparation in existing queries, exploitable by authenticated att...