Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mapsmarker leaflet maps marker vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2022-1123
The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin prior to 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks.
Mapsmarker Leaflet Maps Marker
5.4
CVSSv3
CVE-2022-4677
The Leaflet Maps Marker WordPress plugin prior to 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Mapsmarker Leaflet Maps Marker
NA
CVE-2012-2913
Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.
Mapsmarker Leaflet Maps Marker Plugin 0.0.1
2 EDB exploits
6.4
CVSSv3
CVE-2024-3670
The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output ...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started