Vulnerabilities and security researches forgmap-embed gmap-embed
Direction: descendingMaps Plugin using Google Maps for WordPress – WP Google Map # CVE-2024-13306
- CVE, Research URL
- Home page URL
-
Security reports for Maps Plugin using Google Maps for WordPress – WP Google Map
- Date
- Feb 15, 2025
- Research Description
- The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
-
max 1.9.4.
- Status
-
vulnerable
Maps Plugin using Google Maps for WordPress – WP Google Map # CVE-2024-13208
- CVE, Research URL
- Home page URL
-
Security reports for Maps Plugin using Google Maps for WordPress – WP Google Map
- Date
- Feb 15, 2025
- Research Description
- The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
-
max 1.9.4.
- Status
-
vulnerable
Maps Plugin using Google Maps for WordPress – WP Google Map # CVE-2021-24502
- CVE, Research URL
- Home page URL
-
Security reports for Maps Plugin using Google Maps for WordPress – WP Google Map
- Date
- Aug 09, 2021
- Research Description
- The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed
- Affected versions
-
max 1.7.7.
- Status
-
vulnerable
Maps Plugin using Google Maps for WordPress – WP Google Map # CVE-2021-45729
- CVE, Research URL
- Home page URL
-
Security reports for Maps Plugin using Google Maps for WordPress – WP Google Map
- Date
- Jan 26, 2022
- Research Description
- The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps.
- Affected versions
-
max 1.8.1.
- Status
-
vulnerable
Maps Plugin using Google Maps for WordPress – WP Google Map # CVE-2021-25011
- CVE, Research URL
- Home page URL
-
Security reports for Maps Plugin using Google Maps for WordPress – WP Google Map
- Date
- Feb 28, 2022
- Research Description
- The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings.
- Affected versions
-
max 1.8.1.
- Status
-
vulnerable
Maps Plugin using Google Maps for WordPress – WP Google Map # CVE-2021-25081
- CVE, Research URL
- Home page URL
-
Security reports for Maps Plugin using Google Maps for WordPress – WP Google Map
- Date
- Feb 28, 2022
- Research Description
- The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack
- Affected versions
-
max 1.8.4.
- Status
-
vulnerable