Medium severity6.1NVD Advisory· Published Feb 26, 2020· Updated Jun 17, 2026
CVE-2019-19134
CVE-2019-19134
Description
The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based tokens or to launch other attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Hero Maps Premium plugindescription
- Range: <=2.2.1
Patches
Vulnerability mechanics
References
4- www.hooperlabs.xyz/disclosures/cve-2019-19134.phpnvdExploitThird Party Advisory
- heroplugins.com/changelogs/hmaps/changelog.txtnvdRelease NotesVendor Advisory
- wpvulndb.com/vulnerabilities/10095nvdThird Party Advisory
- heroplugins.com/product/maps/nvdProduct
News mentions
0No linked articles in our index yet.