Codecabin Wp_go_maps
16 CVEs affecting Codecabin Wp_go_maps. Latest disclosed: 2025-01-27. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-10692 | Critical | 9.8 | 2019-04-02 | In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement. |
CVE-2024-29931 | High | 7.1 | 2024-03-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPGMaps WP Go Maps wp-google-maps.This issue affects WP G… |
CVE-2024-5994 | Medium | 6.4 | 2024-06-14 | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and includin… |
CVE-2024-3557 | Medium | 6.4 | 2024-05-24 | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode in all versions up… |
CVE-2024-1582 | Medium | 6.4 | 2024-03-13 | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions… |
CVE-2023-6627 | Medium | 6.1 | 2024-01-08 | The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to sto… |
CVE-2019-9912 | Medium | 6.1 | 2019-03-22 | The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO. |
CVE-2021-36871 | Medium | 5.5 | 2021-09-09 | Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable pa… |
CVE-2021-36870 | Medium | 5.5 | 2021-09-09 | Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &d… |
CVE-2021-24383 | Medium | 5.4 | 2021-06-21 | The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading… |
CVE-2019-14792 | Medium | 5.4 | 2019-08-09 | The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. |
CVE-2023-6777 | Medium | 5.3 | 2024-04-09 | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due… |
CVE-2022-47595 | Medium | 4.9 | 2023-03-14 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions. |
CVE-2023-4839 | Medium | 4.4 | 2024-03-13 | The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input… |
CVE-2025-24742 | Medium | 4.3 | 2025-01-27 | Cross-Site Request Forgery (CSRF) vulnerability in WPGMaps WP Go Maps wp-google-maps.This issue affects WP Go Maps: from n/a through <= 9.0.40. |
CVE-2014-7182 | | 2014-10-22 | Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web scr… |