CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25011 – WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update
https://notcve.org/view.php?id=CVE-2021-25011
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings. El plugin Maps usando Google Maps para WordPress versiones anteriores a 1.8.1, no presenta una autorización adecuada y CSRF en la mayoría de sus acciones AJAX, lo que podría permitir a cualquier usuario autenticado, como el suscriptor, eliminar entradas arbitrarias y actualizar la configuración del plugin. • https://plugins.trac.wordpress.org/changeset/2641450 https://wpscan.com/vulnerability/6639da0d-6d29-46c1-a3cc-5e5626305833 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24502 – WP Google Map < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24502
The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed El plugin WP Google Map de WordPress versiones anteriores a 1.7.7, no saneaba o escapaba el título del mapa antes de mostrarlo en la página, conllevando a un problema de tipo Cross-Site Scripting Almacenado por parte de usuarios con altos privilegios, incluso cuando la capacidad unfiltered_html no estaba permitida • https://drive.google.com/file/d/1CbBlsf0Vt1QLBTnSC-vod2UCMm_NnZ2p/view?usp=sharing https://wpscan.com/vulnerability/f95c3a48-5228-4047-9b92-de985741d157 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24130 – WP Google Map Plugin < 4.1.5 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24130
Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+). Una entrada no comprobada en el plugin de WordPress WP Google Map, versiones anteriores a 4.1.5, en la página Manage Locations dentro de la configuración del plugin era vulnerable a una inyección SQL por medio de un usuario muy privilegiado (admin+) • https://wpscan.com/vulnerability/46af9a4d-67ac-4e08-a753-a2a44245f4f8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0577 – WP MAPS – Easiest & Most Advanced WordPress Plugin for Google Maps < 4.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-0577
Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-Site Scripting (XSS) en el plugin WP Google Map, en versiones anteriores a la 4.0.4 para WordPress, permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN01040170/index.html https://wordpress.org/plugins/wp-google-map-plugin/#developers https://wpvulndb.com/vulnerabilities/9610 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10878 – WP Google Map Plugin <= 3.1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10878
The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. El plugin wp-google-map-plugin anterior a la versión 3.1.2 para WordPress tiene XSS. • https://wordpress.org/plugins/wp-google-map-plugin/#developers https://wpvulndb.com/vulnerabilities/9741 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •