Shodan
Vulnerabilities
Vulnerable Software
Weplugins:  >> Wp Maps  >> 2.3.9  Security Vulnerabilities
CVE-2025-3504
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-01
CVE-2025-3502
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-01
CVE-2025-3503
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-01
CVE-2023-28172
Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-12
CVE-2023-23878
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-04-04
CVE-2022-25600
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).
CVSS Score
5.4
EPSS Score
0.002
Published
2022-03-11
CVE-2021-24130
Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).
CVSS Score
7.2
EPSS Score
0.006
Published
2021-03-18
CVE-2015-9307
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-08-14
CVE-2015-9308
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-08-14
CVE-2015-9309
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-08-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved