MidnightBSD

Advisories for weplugins

CVE-2015-9305 MEDIUM

The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
flippercode wp_google_map *
weplugins wp_maps *
CVE-2015-9307 MEDIUM

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
flippercode google_map *
flippercode wp_google_map *
weplugins wp_maps *
CVE-2015-9308 MEDIUM

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
flippercode google_map *
flippercode wp_google_map *
weplugins wp_maps *
CVE-2015-9309 MEDIUM

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
flippercode google_map *
flippercode wp_google_map *
weplugins wp_maps *
CVE-2016-10878 MEDIUM

The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
flippercode google_map *
flippercode wp_google_map *
weplugins wp_maps *
CVE-2021-24130 MEDIUM

Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
flippercode wp_google_map *
weplugins wp_maps *
CVE-2021-24502 LOW

The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
flippercode wp_google_map *
weplugins wp_maps *
CVE-2022-25600 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
audit@patchstack.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
flippercode wp_google_map *
weplugins wp_maps *
fedoraproject fedora 34
fedoraproject fedora 35
fedoraproject fedora 36
CVE-2023-23878

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
audit@patchstack.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
flippercode google_map *
flippercode wp_google_map *
weplugins wp_maps *
CVE-2023-28172

Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
audit@patchstack.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
flippercode wp_google_map *
weplugins wp_maps *
CVE-2025-3502

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N 0.9 2.5
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
weplugins wp_maps *
CVE-2025-3503

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.9 3.6
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
weplugins wp_maps *
CVE-2025-3504

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N 0.9 2.5
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
weplugins wp_maps *