Vulnerabilities > Mapsvg
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-09 | CVE-2022-0592 | SQL Injection vulnerability in Mapsvg The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. | 7.5 |
| 2019-02-04 | CVE-2019-1000003 | Cross-Site Request Forgery (CSRF) vulnerability in Mapsvg Lite 3.2.3 MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. | 6.8 |