Mapsmarker : Security Vulnerabilities, CVEs,
The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Max CVSS
5.4
EPSS Score
0.06%
Published
2023-02-06
Updated
2023-02-14
The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks.
Max CVSS
7.2
EPSS Score
0.09%
Published
2022-08-29
Updated
2022-09-01
Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-05-21
Updated
2017-08-29
3 vulnerabilities found