VYPR
Vendor

Wpgmaps

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2024-2386HigJun 29, 2024
    risk 0.50cvss 8.8epss 0.00

    The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient…

  • CVE-2026-4268MedMar 18, 2026
    risk 0.42cvss 6.4epss 0.00

    The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmza_custom_js’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability…

  • CVE-2024-3557MedMay 24, 2024
    risk 0.42cvss 6.4epss 0.00

    The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode in all versions up to, and including, 9.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2024-9028MedSep 25, 2024
    risk 0.35cvss 6.4epss 0.00

    The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…

  • CVE-2023-6697MedJan 24, 2024
    risk 0.33cvss 6.1epss 0.01

    The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2025-11166MedOct 9, 2025
    risk 0.28cvss 5.4epss 0.00

    The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token…

  • CVE-2026-0593MedJan 24, 2026
    risk 0.27cvss 5.3epss 0.00

    The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated…