
CVE-2025-32684 – WordPress MapSVG Lite plugin <= 8.5.32 - Broken Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2025-32684
09 Apr 2025 — Missing Authorization vulnerability in RomanCode MapSVG Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG Lite: from n/a through 8.5.32. The MapSVG – Vector maps, Image maps, Google Maps plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 8.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized ... • https://patchstack.com/database/wordpress/plugin/mapsvg-lite-interactive-vector-maps/vulnerability/wordpress-mapsvg-lite-plugin-8-5-32-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2022-0592 – MapSVG < 6.2.20 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-0592
18 Apr 2022 — The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. • https://wpscan.com/vulnerability/5d8d53ad-dc88-4b50-a292-fc447484c27b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2019-1000003 – MapSVG Lite < 3.3.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-1000003
08 Jan 2019 — MapSVG MapSVG Lite version 3.2.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can allow an attacker to modify post data, including embedding JavaScript. This attack appears to be exploitable when the victim is logged in to WordPress as an admin and clicks a link. This vulnerability appears to have been fixed in 3.3.0 and later. • https://advisories.dxw.com/advisories/csrf-mapsvg-lite • CWE-352: Cross-Site Request Forgery (CSRF) •