4 matches found
CVE-2021-25081
The CVE-2021-25081 entry concerns the WordPress Google Maps plugin (WP Google Map) before version 1.8.4. The vulnerability arises because the plugin’s AJAX actions largely lack CSRF checks, enabling a CSRF attacker to coerce a logged-in administrator into performing privileged actions such as del...
CVE-2021-25011
The CVE-2021-25011 entry concerns the WordPress Maps Plugin using Google Maps before version 1.8.1. The public details in connected documents show a lack of proper authorization and CSRF protection in most AJAX actions, enabling any authenticated user (e.g., Subscriber) to perform dangerous actions such as ...
CVE-2024-13208
The CVE-2024-13208 entry refers to the Maps Plugin using Google Maps for WordPress that, prior to version 1.9.4, does not sanitize and escape certain settings. This could allow stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is not allowed (such as in multisite). The v...
CVE-2024-13306
CVE-2024-13306 affects the Maps Plugin using Google Maps for WordPress (WP Google Map) prior to version 1.9.4. The vulnerability arises from insufficient sanitisation/escaping of certain plugin settings, enabling stored XSS by high-privilege users (e.g., admins), including scenarios where unfilte...