CVE-2018-14071 – Geo Mashup - < 1.10.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-14071
The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input. El plugin Geo Mashup en versiones anteriores a la 1.10.4 para WordPress tiene un saneamiento insuficiente de post editor y otras entradas del usuario. • https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f https://github.com/cyberhobo/wordpress-geo-mashup/issues/817 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-1383 – Geo Mashup < 1.8.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-1383
Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key. Vulnerabilidad de XSS en el Widget 'geo search' en el plugin Geo Mashup anterior a 1.8.3 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la clave de búsqueda. WordPress Geo Mashup plugin versions 1.8.2 and below suffer from a cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2015/Jan/113 http://www.openwall.com/lists/oss-security/2015/01/27/26 https://wordpress.org/plugins/geo-mashup/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •