13 matches found
CVE-2022-25600
Summary: CVE-2022-25600 is a CSRF vulnerability in the WordPress WP Google Map plugin, affected
CVE-2023-28172
CVE-2023-28172 concerns CSRF in the WordPress WP MAPS plugin (formerly WP Google Map Plugin) by flippercode, affected versions up to 4.4.2. The issue is documented as unauthenticated CSRF with low to moderate impact depending on source; Patchstack reports a fix in 4.4.3. Red Hat/NVD Wordfence ent...
CVE-2021-24130
CVE-2021-24130 describes an SQL injection in the WordPress WP Google Map Plugin prior to 4.1.5, via unvalidated input on the Manage Locations page. The vulnerability requires a high-privileged user (admin+) to trigger it and can lead to exposure of sensitive database information. Affected softwar...
CVE-2025-3504
CVE-2025-3504 affects the WP Maps WordPress plugin prior to 4.7.2. The issue is that map settings aren’t properly sanitized/escaped, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Remediation: upgrade to WP Maps 4.7.2 or later...
CVE-2015-9309
The CVE-2015-9309 entry concerns the WordPress plugin wp-google-map-plugin, which prior to version 2.3.10 has a CSRF vulnerability in the add/edit category feature. Public details from multiple sources confirm the affected software/versions and the CSRF flaw, with CVSS scores indicating medium to...
CVE-2025-3502
Technical summary (CVE-2025-3502): The WP Maps WordPress plugin is vulnerable in versions prior to 4.7.2 due to inadequate sanitization and escaping of certain Map settings. This can enable stored cross-site scripting (XSS) by high-privilege users (e.g., admins), even when unfiltered_html is disa...
CVE-2015-9308
The CVE-2015-9308 entry concerns the WordPress wp-google-map-plugin before version 2.3.10, which has a CSRF flaw in the add/edit map feature. The issue is documented across multiple sources (NVD, Red Hat, CNVD, WPVulnDB, OpenVAS, PRION, etc.), all indicating CSRF in the map management functionali...
CVE-2021-24502
CVE-2021-24502 affects the WordPress WP Google Map plugin prior to 1.7.7. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of the Map Title in output, exploitable by high-privilege users. Impact is stored XSS, with no unfiltered_html requi...
CVE-2015-9307
CVE-2015-9307 affects the WordPress plugin wp-google-map-plugin prior to version 2.3.10. The vulnerability is a CSRF flaw in the add/edit location feature, caused by insufficient request verification. Impact is partial confidentiality/integrity/availability according to CVSS 2.0/3.1 metrics; expl...
CVE-2025-3503
CVE-2025-3503 affects the WP Maps WordPress plugin prior to version 4.7.2. The vulnerability arises because some Map settings are not properly sanitized/escaped, enabling Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multisite). Public expl...
CVE-2023-23878
CVE-2023-23878 is a stored XSS vulnerability in the flippercode WordPress plugin for Google Maps (WP MAPS) versions
CVE-2016-10878
The vulnerability CVE-2016-10878 affects the WordPress plugin wp-google-map-plugin
CVE-2015-9305
CVE-2015-9305 affects the WordPress plugin wp-google-map-plugin prior to version 2.3.7, with a Cross-Site Scripting (XSS) vulnerability involving the add_query_arg() and remove_query_arg() functions. Root cause is improper handling/validation of client-side data in the plugin, enabling injected s...