VYPR

Wp Google Maps

by WordPress

CVEs (17)

  • CVE-2019-10692 · Cri · Apr 2, 2019
    risk 0.73 · cvss 9.8 · epss 0.79

    In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.

  • CVE-2025-11307 · Hig · Nov 11, 2025
    risk 0.58 · cvss 8.8 · epss 0.02

    The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped.

  • CVE-2015-9309 · Hig · Aug 14, 2019
    risk 0.57 · cvss 8.8 · epss 0.01

    The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.

  • CVE-2015-9308 · Hig · Aug 14, 2019
    risk 0.57 · cvss 8.8 · epss 0.01

    The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.

  • CVE-2015-9307 · Hig · Aug 14, 2019
    risk 0.57 · cvss 8.8 · epss 0.01

    The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.

  • CVE-2024-2386 · Hig · Jun 29, 2024
    risk 0.50 · cvss 8.8 · epss 0.00

    The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient…

  • CVE-2025-67535 · Med · Dec 9, 2025
    risk 0.43 · cvss 6.6 · epss 0.00

    Deserialization of Untrusted Data vulnerability in Flipper Code - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection. This issue affects WP Maps: from n/a through <= 4.8.6.

  • CVE-2023-6627 · Med · Jan 8, 2024
    risk 0.40 · cvss 6.1 · epss 0.01

    The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/JavaScript on the site.

  • CVE-2016-10878 · Med · Aug 12, 2019
    risk 0.40 · cvss 6.1 · epss 0.01

    The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.

  • CVE-2015-9305 · Med · Aug 12, 2019
    risk 0.40 · cvss 6.1 · epss 0.01

    The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions.

  • CVE-2019-9912 · Med · Mar 22, 2019
    risk 0.40 · cvss 6.1 · epss 0.03

    The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.

  • CVE-2021-24383 · Med · Jun 21, 2021
    risk 0.38 · cvss 5.4 · epss 0.02

    The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.

  • CVE-2021-36871 · Med · Sep 9, 2021
    risk 0.36 · cvss 5.5 · epss 0.01

    Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description,…

  • CVE-2021-36870 · Med · Sep 9, 2021
    risk 0.36 · cvss 5.5 · epss 0.01

    Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname,…

  • CVE-2019-14792 · Med · Aug 9, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.

  • CVE-2025-11166 · Med · Oct 9, 2025
    risk 0.28 · cvss 5.4 · epss 0.00

    The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token…

  • CVE-2014-7182 · Oct 22, 2014
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the…