Vulnerabilities > Codecabin

DATE CVE VULNERABILITY TITLE RISK
2024-01-08 CVE-2023-6627 Cross-site Scripting vulnerability in Codecabin WP GO Maps
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.
network
low complexity
codecabin CWE-79
6.1
2023-03-14 CVE-2022-47595 Path Traversal vulnerability in Codecabin WP GO Maps
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions.
network
low complexity
codecabin CWE-22
6.5
2021-09-09 CVE-2021-36870 Cross-site Scripting vulnerability in Codecabin WP GO Maps
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12).
network
low complexity
codecabin CWE-79
5.4
2021-09-09 CVE-2021-36871 Cross-site Scripting vulnerability in Codecabin WP GO Maps
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11).
network
low complexity
codecabin CWE-79
5.4
2021-06-21 CVE-2021-24383 Cross-site Scripting vulnerability in Codecabin WP GO Maps
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue
network
low complexity
codecabin CWE-79
5.4
2019-08-09 CVE-2019-14792 Cross-site Scripting vulnerability in Codecabin WP GO Maps
The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.
network
low complexity
codecabin CWE-79
5.4
2019-04-02 CVE-2019-10692 SQL Injection vulnerability in Codecabin WP GO Maps
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.
network
low complexity
codecabin CWE-89
critical
9.8
2019-03-22 CVE-2019-9912 Cross-site Scripting vulnerability in Codecabin WP GO Maps
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
network
low complexity
codecabin CWE-79
6.1