4.1.9

DATE	CVE	VULNERABILITY TITLE	RISK
2025-05-01	CVE-2025-3502	Cross-site Scripting vulnerability in Weplugins WP Maps The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). network low complexity weplugins CWE-79	4.8
2025-05-01	CVE-2025-3503	Cross-site Scripting vulnerability in Weplugins WP Maps The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). network low complexity weplugins CWE-79	4.8
2025-05-01	CVE-2025-3504	Cross-site Scripting vulnerability in Weplugins WP Maps The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). network low complexity weplugins CWE-79	4.8
2023-11-12	CVE-2023-28172	Cross-Site Request Forgery (CSRF) vulnerability in Weplugins WP Maps Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions. network low complexity weplugins CWE-352	8.8
2023-04-04	CVE-2023-23878	Cross-site Scripting vulnerability in Weplugins WP Maps Auth. network low complexity weplugins CWE-79	5.4
2022-03-11	CVE-2022-25600	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). network low complexity weplugins fedoraproject CWE-352	8.8