Codecabin

Wp Go Maps

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-24742

  • EPSS 0.05%
  • Veröffentlicht 27.01.2025 15:15:16
  • Zuletzt bearbeitet 11.02.2025 15:53:48

Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerly WP Google Maps) WP Go Maps. This issue affects WP Go Maps: from n/a through 9.0.40.

5.4

CVE-2024-5994

  • EPSS 0.27%
  • Veröffentlicht 14.06.2024 07:15:51
  • Zuletzt bearbeitet 11.02.2025 15:54:29

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly gra...

5.4

CVE-2024-3557

  • EPSS 0.23%
  • Veröffentlicht 24.05.2024 05:15:09
  • Zuletzt bearbeitet 11.02.2025 15:54:54

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode in all versions up to, and including, 9.0.36 due to insufficient input sanitization and output escaping on us...

6.5

CVE-2023-6777

  • EPSS 2.63%
  • Veröffentlicht 09.04.2024 19:15:12
  • Zuletzt bearbeitet 11.02.2025 15:56:04

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauth...

6.1

CVE-2024-29931

  • EPSS 4.73%
  • Veröffentlicht 27.03.2024 10:15:09
  • Zuletzt bearbeitet 11.02.2025 15:56:39

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Go Maps (formerly WP Google Maps) WP Google Maps allows Reflected XSS.This issue affects WP Google Maps: from n/a through 9.0.29.

5.4

CVE-2024-1582

  • EPSS 0.14%
  • Veröffentlicht 13.03.2024 02:15:51
  • Zuletzt bearbeitet 11.02.2025 15:57:12

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on ...

4.8

CVE-2023-4839

  • EPSS 0.16%
  • Veröffentlicht 13.03.2024 02:15:50
  • Zuletzt bearbeitet 11.02.2025 15:59:01

The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.1

CVE-2023-6627

Exploit
  • EPSS 1.16%
  • Veröffentlicht 08.01.2024 19:15:10
  • Zuletzt bearbeitet 18.06.2025 17:15:27

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.

6.5

CVE-2022-47595

  • EPSS 0.31%
  • Veröffentlicht 14.03.2023 07:15:12
  • Zuletzt bearbeitet 21.11.2024 07:32:13

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions.

5.4

CVE-2021-36870

  • EPSS 0.36%
  • Veröffentlicht 09.09.2021 12:15:09
  • Zuletzt bearbeitet 21.11.2024 06:14:13

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &p...