cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for leaflet-maps-marker

Jun 06, 2024

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) # CVE-2022-1123

CVE, Research URL

CVE-2022-1123

Date
Aug 29, 2022
Research Description
The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks.
Affected versions
Min -, max -.
Status
vulnerable

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) # CVE-2022-4677

CVE, Research URL

CVE-2022-4677

Date
Feb 07, 2023
Research Description
The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max -.
Status
vulnerable

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) # CVE-2024-3670

CVE, Research URL

CVE-2024-3670

Date
May 02, 2024
Research Description
The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'mapwidthunit'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) # d102cc01a3a84b3f7452bbfc7c2f36b3390e311b

Date
Sep 20, 2015
Research Description
Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) [leaflet-maps-marker] < 2.4. WordPress Leaflet Maps Marker Plugin <= 3.5.3 - SQL Injection. This plugin is prone to tag multiple parameter SQL injection. Upgrade the plugin.
Affected versions
Min -, max -.
Status
vulnerable

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) # CVE-2012-2913

CVE, Research URL

CVE-2012-2913

Date
May 22, 2012
Research Description
Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.
Affected versions
Min -, max -.
Status
vulnerable

May 06, 2025

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) # CVE-2024-38782

CVE, Research URL

CVE-2024-38782

Date
Jul 22, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MapsMarker.Com e.U. Leaflet Maps Marker allows Stored XSS. This issue affects Leaflet Maps Marker: from n/a through 3.12.9.
Affected versions
Min -, max -.
Status
vulnerable