Wp Maps

wp_maps

Vendor: Weplugins • 13 CVEs

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-3504 1Weplugins 1Wp Maps Jun 17, 2026 May 1, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter...Show more The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2025-3503 1Weplugins 1Wp Maps Jun 17, 2026 May 1, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter...Show more The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2025-3502 1Weplugins 1Wp Maps Jun 17, 2026 May 1, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter...Show more The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2023-28172 1Weplugins 1Wp Maps Jun 17, 2026 Nov 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions.
CVE-2023-23878 1Weplugins 1Wp Maps Jun 17, 2026 Apr 4, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.
CVE-2022-25600 2Fedoraproject Weplugins 2Fedora Wp Maps Jun 17, 2026 Mar 11, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).
CVE-2021-24502 1Weplugins 1Wp Maps Jun 17, 2026 Aug 9, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltere...Show more The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowedShow less
CVE-2021-24130 1Weplugins 1Wp Maps Jun 17, 2026 Mar 18, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).
CVE-2015-9309 1Weplugins 1Wp Maps May 7, 2025 Aug 14, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.
CVE-2015-9308 1Weplugins 1Wp Maps May 7, 2025 Aug 14, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.
CVE-2015-9307 1Weplugins 1Wp Maps May 7, 2025 Aug 14, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.
CVE-2016-10878 1Weplugins 1Wp Maps May 7, 2025 Aug 12, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.
CVE-2015-9305 1Weplugins 1Wp Maps May 7, 2025 Aug 12, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions.