Mapsmarker : Security Vulnerabilities, CVEs,

CVE-2022-4677

The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Max CVSS
5.4
EPSS Score
0.06%
Published
2023-02-06
Updated
2023-02-14

CVE-2022-1123

The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks.
Max CVSS
7.2
EPSS Score
0.09%
Published
2022-08-29
Updated
2022-09-01

CVE-2012-2913

Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-05-21
Updated
2017-08-29
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close