2 matches found
CVE-2021-24643
The CVE-2021-24643 entry concerns the WordPress plugin WP Map Block (versions before 1.2.3). The root cause is insufficient escaping of certain attributes in the block, enabling Stored Cross-Site Scripting (XSS) when a user with a low privilege (contributor) interacts with the block (e.g., adding...
CVE-2025-5194
CVE-2025-5194 affects the WordPress plugin “WP Map Block – Gutenberg Map Block for Google Map and OpenStreet Map by aBlocks.” The vulnerability arises because the plugin, in versions prior to 2.0.3, does not validate and escape some block options before outputting them on a post/page where the bl...