CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46780 – Easy Google Maps < 1.9.32 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-46780
The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting El plugin Easy Google Maps de WordPress versiones anteriores a 1.9.32, no escapa del parámetro tab antes de devolverlo a un atributo en el panel de administración, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/cba4ccdd-9331-4ca0-b910-8f427ed9b540 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46782 – Pricing Table by Supsystic < 1.9.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-46782
The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting El plugin Pricing Table by Supsystic de WordPress versiones anteriores a 1.9.5, no escapa el parámetro tab antes de devolverlo en un atributo en el panel de administración, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/39e69487-aa53-4b78-a422-12515a6449bf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39346 – Google Maps Easy <= 1.9.33 Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-39346
The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. El plugin Google Maps Easy de WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Almacenado debido a una comprobación insuficiente y saneamiento de entradas por medio de varios parámetros encontrados en el archivo ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php que permitían a atacantes con acceso de usuario administrativo inyectar scripts web arbitrarios, en versiones hasta 1.9.33 incluyéndola. Esto afecta a las instalaciones multisitio en las que unfiltered_html está deshabilitado para los administradores, y a los sitios en los que unfiltered_html está deshabilitado • https://github.com/BigTiger2020/word-press/blob/main/Google%20Maps%20Easy.md https://plugins.trac.wordpress.org/changeset/2620851/google-maps-easy/trunk/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39346 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2021-24276 – Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24276
The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue El plugin de WordPress Contact Form by Supsystic versiones anteriores a 1.7.15, no saneaba el parámetro tab de su página options antes de generarlo en un atributo, conllevando a un problema de tipo Cross-Site Scripting reflejado WordPress Contact Form plugin version 1.7.14 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/50344 http://packetstormsecurity.com/files/164308/WordPress-Contact-Form-1.7.14-Cross-Site-Scripting.html https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24274 – Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24274
The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue El plugin de WordPress Ultimate Maps by Supsystic versiones anteriores a 1.2.5, no saneaba el parámetro tab de su página options antes de generarlo en un atributo, conllevando a un problema de tipo Cross-Site Scripting reflejado WordPress Ultimate Maps plugin version 1.2.4 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/50345 http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •