12 matches found
CVE-2022-25600
Summary: CVE-2022-25600 is a CSRF vulnerability in the WordPress WP Google Map plugin, affected
CVE-2015-9309
The CVE-2015-9309 entry concerns the WordPress plugin wp-google-map-plugin, which prior to version 2.3.10 has a CSRF vulnerability in the add/edit category feature. Public details from multiple sources confirm the affected software/versions and the CSRF flaw, with CVSS scores indicating medium to...
CVE-2021-24130
CVE-2021-24130 describes an SQL injection in the WordPress WP Google Map Plugin prior to 4.1.5, via unvalidated input on the Manage Locations page. The vulnerability requires a high-privileged user (admin+) to trigger it and can lead to exposure of sensitive database information. Affected softwar...
CVE-2025-3504
CVE-2025-3504 affects the WP Maps WordPress plugin prior to 4.7.2. The issue is that map settings aren’t properly sanitized/escaped, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Remediation: upgrade to WP Maps 4.7.2 or later...
CVE-2015-9308
The CVE-2015-9308 entry concerns the WordPress wp-google-map-plugin before version 2.3.10, which has a CSRF flaw in the add/edit map feature. The issue is documented across multiple sources (NVD, Red Hat, CNVD, WPVulnDB, OpenVAS, PRION, etc.), all indicating CSRF in the map management functionali...
CVE-2015-9307
CVE-2015-9307 affects the WordPress plugin wp-google-map-plugin prior to version 2.3.10. The vulnerability is a CSRF flaw in the add/edit location feature, caused by insufficient request verification. Impact is partial confidentiality/integrity/availability according to CVSS 2.0/3.1 metrics; expl...
CVE-2021-24502
CVE-2021-24502 affects the WordPress WP Google Map plugin prior to 1.7.7. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of the Map Title in output, exploitable by high-privilege users. Impact is stored XSS, with no unfiltered_html requi...
CVE-2025-3502
Technical summary (CVE-2025-3502): The WP Maps WordPress plugin is vulnerable in versions prior to 4.7.2 due to inadequate sanitization and escaping of certain Map settings. This can enable stored cross-site scripting (XSS) by high-privilege users (e.g., admins), even when unfiltered_html is disa...
CVE-2025-3503
CVE-2025-3503 affects the WP Maps WordPress plugin prior to version 4.7.2. The vulnerability arises because some Map settings are not properly sanitized/escaped, enabling Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multisite). Public expl...
CVE-2016-10878
The vulnerability CVE-2016-10878 affects the WordPress plugin wp-google-map-plugin
CVE-2023-23878
CVE-2023-23878 is a stored XSS vulnerability in the flippercode WordPress plugin for Google Maps (WP MAPS) versions
CVE-2015-9305
CVE-2015-9305 affects the WordPress plugin wp-google-map-plugin prior to version 2.3.7, with a Cross-Site Scripting (XSS) vulnerability involving the add_query_arg() and remove_query_arg() functions. Root cause is improper handling/validation of client-side data in the plugin, enabling injected s...