CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32138 – WordPress Easy Google Maps plugin <= 1.11.17 - XML External Entity vulnerability
https://notcve.org/view.php?id=CVE-2025-32138
04 Apr 2025 — Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps allows XML Injection. This issue affects Easy Google Maps: from n/a through 1.11.17. The Easy Google Maps plugin for WordPress is vulnerable to XML External Entity Injection in all versions up to, and including, 1.11.18. This is due to the plugin not properly filtering data included in XML. This makes it possible for authenticated attackers, with author-level access and above, to inject external entities which ... • https://patchstack.com/database/wordpress/plugin/google-maps-easy/vulnerability/wordpress-easy-google-maps-plugin-1-11-17-xml-external-entity-vulnerability?_s_id=cve • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31269 – WordPress Easy Google Maps plugin <= 1.11.11 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31269
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.This issue affects Easy Google Maps: from n/a through 1.11.11. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Supsystic Easy Google Maps. Este problema afecta a Easy Google Maps: desde n/a hasta 1.11.11. The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.11.11. This is due to missing or incorrect nonce validation on several functions. • https://patchstack.com/database/vulnerability/google-maps-easy/wordpress-easy-google-maps-plugin-1-11-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •