Codecabin: >> Wp Go Maps >> 3.9 Security Vulnerabilities
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue
CVSS Score
5.4
EPSS Score
0.009
Published
2021-06-21
The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-08-09
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.
CVSS Score
9.8
EPSS Score
0.894
Published
2019-04-02
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-03-22
Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-10-22
Page 2