VYPR

Mapsvg

by WordPress

CVEs (16)

  • CVE-2025-68562CriDec 29, 2025
    risk 0.64cvss 9.9epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.3.

  • CVE-2025-47559CriJun 17, 2025
    risk 0.64cvss 9.9epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through < 8.7.4.

  • CVE-2025-32682CriApr 17, 2025
    risk 0.64cvss 9.9epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through <= 8.6.4.

  • CVE-2025-54669CriAug 14, 2025
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG mapsvg allows SQL Injection.This issue affects MapSVG: from n/a through < 8.7.4.

  • CVE-2025-47561HigJun 9, 2025
    risk 0.57cvss 8.8epss 0.00

    Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation.This issue affects MapSVG: from n/a through < 8.6.13.

  • CVE-2025-47558HigMay 23, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through < 8.6.13.

  • CVE-2025-54748MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RomanCode MapSVG mapsvg allows Path Traversal.This issue affects MapSVG: from n/a through < 8.6.12.

  • CVE-2025-62930MedOct 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapSVG: from n/a through <= 8.7.22.

  • CVE-2024-9544MedMay 22, 2025
    risk 0.42cvss 6.4epss 0.00

    The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level…

  • CVE-2025-47557MedMay 16, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg allows Stored XSS.This issue affects MapSVG: from n/a through <= 8.5.31.

  • CVE-2025-32683MedApr 9, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapSVG: from n/a through <= 8.6.6.

  • CVE-2025-47562MedMay 16, 2025
    risk 0.34cvss 5.3epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG mapsvg allows Code Injection.This issue affects MapSVG: from n/a through <= 8.5.34.

  • CVE-2025-47560MedMay 16, 2025
    risk 0.33cvss 5.0epss 0.00

    Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through < 8.6.13.

  • CVE-2025-32684MedApr 9, 2025
    risk 0.33cvss 5.0epss 0.00

    Missing Authorization vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through <= 8.6.4.

  • CVE-2022-0592May 9, 2022
    risk 0.06cvss epss 0.10

    The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.

  • CVE-2019-1000003Feb 4, 2019
    risk 0.00cvss epss 0.01

    MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via…