CVE-2019-19134
The CVE-2019-19134 entry concerns WordPress Hero Maps Premium plugin (versions ≤ 2.2.1) with an unauthenticated XSS via views/dashboard/index.php p parameter. The issue arises from insufficient input sanitization, enabling injection of HTML/JavaScript in a user’s browser and potentially cookie th...