VYPR

Leaflet Map

by WordPress

Source repositories

CVEs (4)

  • CVE-2026-39646MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through <= 3.4.4.

  • CVE-2021-24467MedAug 9, 2021
    risk 0.42cvss 6.5epss 0.01

    The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing…

  • CVE-2023-5050MedOct 20, 2023
    risk 0.35cvss 6.4epss 0.00

    The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and…

  • CVE-2021-24468MedAug 2, 2021
    risk 0.35cvss 5.4epss 0.01

    The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues