CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-4677

The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.3%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2022-4677

Mapsmarker » Leaflet Maps Marker » Version: N/A

cpe:2.3:a:mapsmarker:leaflet_maps_marker:-
Mapsmarker » Leaflet Maps Marker » Version: 3.11

cpe:2.3:a:mapsmarker:leaflet_maps_marker:3.11
Mapsmarker » Leaflet Maps Marker » Version: 3.11.1

cpe:2.3:a:mapsmarker:leaflet_maps_marker:3.11.1
Mapsmarker » Leaflet Maps Marker » Version: 3.11.2

cpe:2.3:a:mapsmarker:leaflet_maps_marker:3.11.2
Mapsmarker » Leaflet Maps Marker » Version: 3.12

cpe:2.3:a:mapsmarker:leaflet_maps_marker:3.12
Mapsmarker » Leaflet Maps Marker » Version: 3.12.1

cpe:2.3:a:mapsmarker:leaflet_maps_marker:3.12.1
Mapsmarker » Leaflet Maps Marker » Version: 3.12.2

cpe:2.3:a:mapsmarker:leaflet_maps_marker:3.12.2
Mapsmarker » Leaflet Maps Marker » Version: 3.12.3

cpe:2.3:a:mapsmarker:leaflet_maps_marker:3.12.3
Mapsmarker » Leaflet Maps Marker » Version: 3.12.4

cpe:2.3:a:mapsmarker:leaflet_maps_marker:3.12.4
Mapsmarker » Leaflet Maps Marker » Version: 3.12.5

cpe:2.3:a:mapsmarker:leaflet_maps_marker:3.12.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-4677

Products

Pricing

Contact Us