Vulnerabilities and security researches forgmap-embed gmap-embed

Jun 06, 2024

CVE, Research URL: CVE-2021-24502
Home page URL: Security reports for Maps Plugin using Google Maps for WordPress – WP Google Map
Application: Maps Plugin using Google Maps for WordPress – WP Google Map
Date: Aug 09, 2021
Research Description: The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed
Affected versions: max 1.7.7.
Status: vulnerable

CVE, Research URL: CVE-2021-45729
Home page URL: Security reports for Maps Plugin using Google Maps for WordPress – WP Google Map
Application: Maps Plugin using Google Maps for WordPress – WP Google Map
Date: Jan 26, 2022
Research Description: The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps.
Affected versions: max 1.8.1.
Status: vulnerable

CVE, Research URL: CVE-2021-25011
Home page URL: Security reports for Maps Plugin using Google Maps for WordPress – WP Google Map
Application: Maps Plugin using Google Maps for WordPress – WP Google Map
Date: Feb 28, 2022
Research Description: The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings.
Affected versions: max 1.8.1.
Status: vulnerable

CVE, Research URL: CVE-2021-25081
Home page URL: Security reports for Maps Plugin using Google Maps for WordPress – WP Google Map
Application: Maps Plugin using Google Maps for WordPress – WP Google Map
Date: Feb 28, 2022
Research Description: The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack
Affected versions: max 1.8.4.
Status: vulnerable

Feb 18, 2025

CVE, Research URL: CVE-2024-13306
Home page URL: Security reports for Maps Plugin using Google Maps for WordPress – WP Google Map
Application: Maps Plugin using Google Maps for WordPress – WP Google Map
Date: Feb 15, 2025
Research Description: The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 1.9.4.
Status: vulnerable

CVE, Research URL: CVE-2024-13208
Home page URL: Security reports for Maps Plugin using Google Maps for WordPress – WP Google Map
Application: Maps Plugin using Google Maps for WordPress – WP Google Map
Date: Feb 15, 2025
Research Description: The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 1.9.4.
Status: vulnerable