CVE-2026-5451
- EPSS 0.04%
- Veröffentlicht 08.04.2026 20:25:09
- Zuletzt bearbeitet 08.04.2026 21:26:13
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on use...
CVE-2025-66093
- EPSS 0.06%
- Veröffentlicht 21.11.2025 12:29:59
- Zuletzt bearbeitet 15.04.2026 00:35:42
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through <= 4.8...
CVE-2025-12369
- EPSS 0.03%
- Veröffentlicht 04.11.2025 04:27:17
- Zuletzt bearbeitet 15.04.2026 00:35:42
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `geojsonmarker` shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-s...
CVE-2023-31074
- EPSS 0.08%
- Veröffentlicht 17.08.2023 11:15:23
- Zuletzt bearbeitet 21.11.2024 08:01:21
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 Extensions for Leaflet Map plugin <= 3.4.1 versions.