CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24502 – WP Google Map < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24502
The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed El plugin WP Google Map de WordPress versiones anteriores a 1.7.7, no saneaba o escapaba el título del mapa antes de mostrarlo en la página, conllevando a un problema de tipo Cross-Site Scripting Almacenado por parte de usuarios con altos privilegios, incluso cuando la capacidad unfiltered_html no estaba permitida • https://drive.google.com/file/d/1CbBlsf0Vt1QLBTnSC-vod2UCMm_NnZ2p/view?usp=sharing https://wpscan.com/vulnerability/f95c3a48-5228-4047-9b92-de985741d157 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24130 – WP Google Map Plugin < 4.1.5 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24130
Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+). Una entrada no comprobada en el plugin de WordPress WP Google Map, versiones anteriores a 4.1.5, en la página Manage Locations dentro de la configuración del plugin era vulnerable a una inyección SQL por medio de un usuario muy privilegiado (admin+) • https://wpscan.com/vulnerability/46af9a4d-67ac-4e08-a753-a2a44245f4f8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0577 – WP MAPS – Easiest & Most Advanced WordPress Plugin for Google Maps < 4.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-0577
Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-Site Scripting (XSS) en el plugin WP Google Map, en versiones anteriores a la 4.0.4 para WordPress, permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN01040170/index.html https://wordpress.org/plugins/wp-google-map-plugin/#developers https://wpvulndb.com/vulnerabilities/9610 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10878 – WP Google Map Plugin <= 3.1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10878
The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. El plugin wp-google-map-plugin anterior a la versión 3.1.2 para WordPress tiene XSS. • https://wordpress.org/plugins/wp-google-map-plugin/#developers https://wpvulndb.com/vulnerabilities/9741 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9309 – WP Google Map Plugin < 2.3.10 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-9309
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. El plugin wp-google-map-plugin versiones anteriores a 2.3.10 para WordPress, presenta una vulnerabilidad de tipo CSRF en la funcionalidad de categoría add/edit. The WP Google Map plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. • https://wordpress.org/plugins/wp-google-map-plugin/#developers https://wpvulndb.com/vulnerabilities/9766 • CWE-352: Cross-Site Request Forgery (CSRF) •