Vulnerabilities (CVE)

Filtered by vendor Codecabin Subscribe
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6627 1 Codecabin 1 Wp Go Maps 2024-11-21 N/A 6.1 MEDIUM
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.
CVE-2022-47595 1 Codecabin 1 Wp Go Maps 2024-11-21 N/A 4.9 MEDIUM
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions.
CVE-2021-36871 1 Codecabin 1 Wp Go Maps 2024-11-21 3.5 LOW 5.5 MEDIUM
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.
CVE-2021-36870 1 Codecabin 1 Wp Go Maps 2024-11-21 3.5 LOW 5.5 MEDIUM
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname, &address.
CVE-2021-24383 1 Codecabin 1 Wp Go Maps 2024-11-21 3.5 LOW 5.4 MEDIUM
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue
CVE-2019-9912 1 Codecabin 1 Wp Go Maps 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
CVE-2019-14792 1 Codecabin 1 Wp Go Maps 2024-11-21 3.5 LOW 5.4 MEDIUM
The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.
CVE-2019-10692 1 Codecabin 1 Wp Go Maps 2024-11-21 7.5 HIGH 9.8 CRITICAL
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.
CVE-2014-7182 1 Codecabin 1 Wp Go Maps 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php.
CVE-2024-9127 1 Codecabin 1 Super Testimonials 2024-10-01 N/A 5.4 MEDIUM
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.