VYPR

Google Maps For Wordpress

by WordPress

CVEs (7)

  • CVE-2020-12077 · High · Apr 23, 2020
    risk 0.58 · cvss 8.8 · epss 0.06

    The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.

  • CVE-2020-12675 · High · May 29, 2020
    risk 0.57 · cvss 8.8 · epss 0.03

    The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an…

  • CVE-2025-2055 · Medium · Apr 3, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

  • CVE-2025-27265 · Medium · Feb 24, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aaron D. Campbell Google Maps for WordPress google-maps-for-wordpress allows DOM-Based XSS. This issue affects Google Maps for WordPress: from n/a through <= 1.0.3.

  • CVE-2022-1829 · Medium · Jun 20, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    The Inline Google Maps WordPress plugin through 5.11 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and…

  • CVE-2021-25081 · Medium · Feb 28, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged-in admins delete arbitrary posts and update the plugin's settings via a CSRF attack.

  • CVE-2021-25011 · Medium · Feb 28, 2022
    risk 0.37 · cvss 5.7 · epss 0.00

    The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF checks in most of its AJAX actions, which could allow any authenticated user, such as a subscriber, to delete arbitrary posts and update the plugin's settings.