CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27274 – WordPress GPX Viewer plugin <= 2.2.11 - Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2025-27274
21 Feb 2025 — Path Traversal vulnerability in NotFound GPX Viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through 2.2.11. The GPX Viewer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.11. This makes it possible for authenticated attackers, with Editor-level access and above, to perform actions on files outside of the originally intended directory. • https://patchstack.com/database/wordpress/plugin/gpx-viewer/vulnerability/wordpress-gpx-viewer-plugin-2-2-11-path-traversal-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27313 – WordPress Google Maps GPX Viewer Plugin <= 3.6 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-27313
21 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bernd Altmeier Google Maps GPX Viewer allows Reflected XSS. This issue affects Google Maps GPX Viewer: from n/a through 3.6. The Google Maps GPX Viewer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag... • https://patchstack.com/database/wordpress/plugin/google-maps-gpx-viewer/vulnerability/wordpress-google-maps-gpx-viewer-plugin-3-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •