Vulnerabilities > Weplugins > WP Maps > 3.1.4

DATE CVE VULNERABILITY TITLE RISK
2025-05-01 CVE-2025-3502 Cross-site Scripting vulnerability in Weplugins WP Maps
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
weplugins CWE-79
4.8
4.8
2025-05-01 CVE-2025-3503 Cross-site Scripting vulnerability in Weplugins WP Maps
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
weplugins CWE-79
4.8
4.8
2025-05-01 CVE-2025-3504 Cross-site Scripting vulnerability in Weplugins WP Maps
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
weplugins CWE-79
4.8
4.8
2023-11-12 CVE-2023-28172 Cross-Site Request Forgery (CSRF) vulnerability in Weplugins WP Maps
Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions.
network
low complexity
weplugins CWE-352
8.8
8.8
2023-04-04 CVE-2023-23878 Cross-site Scripting vulnerability in Weplugins WP Maps
Auth.
network
low complexity
weplugins CWE-79
5.4
5.4
2022-03-11 CVE-2022-25600 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).
network
low complexity
weplugins fedoraproject CWE-352
8.8
8.8
2021-03-18 CVE-2021-24130 SQL Injection vulnerability in Weplugins WP Maps
Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).
network
low complexity
weplugins CWE-89
7.2
7.2