VYPR

Yamaps For Wordpress Plugin

by WordPress

CVEs (7)

  • CVE-2022-0537HigApr 4, 2022
    risk 0.47cvss 7.2epss 0.01

    The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet…

  • CVE-2025-14851MedFeb 19, 2026
    risk 0.42cvss 6.4epss 0.00

    The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `yamap` shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2025-13958MedDec 29, 2025
    risk 0.38cvss 5.9epss 0.00

    The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored…

  • CVE-2024-10104MedNov 15, 2024
    risk 0.38cvss 5.9epss 0.00

    The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

  • CVE-2023-0270MedFeb 13, 2023
    risk 0.35cvss 5.4epss 0.00

    The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored…

  • CVE-2022-1780MedJun 13, 2022
    risk 0.35cvss 5.4epss 0.00

    The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation…

  • CVE-2025-2162MedApr 18, 2025
    risk 0.31cvss 4.8epss 0.00

    The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…