Unrated severityNVD Advisory· Published May 21, 2012· Updated Apr 29, 2026

CVE-2012-2913

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.

Affected products

Mapsmarker/Leaflet Maps Marker Plugin
cpe:2.3:a:mapsmarker:leaflet_maps_marker_plugin:0.0.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.org/files/112699/WordPress-Leaflet-0.0.1-Cross-Site-Scripting.htmlnvdExploit
www.securityfocus.com/bid/53526nvdExploit
exchange.xforce.ibmcloud.com/vulnerabilities/75628nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000