Extensions For Leaflet Map

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-5451 MEDIUM This Month

Stored Cross-Site Scripting in Extensions for Leaflet Map plugin for WordPress allows authenticated attackers with Contributor-level access to inject arbitrary web scripts via the 'elevation-track' shortcode due to insufficient input sanitization and output escaping, enabling arbitrary script execution whenever users access injected pages. The vulnerability affects all versions up to and including 4.14, with a CVSS score of 6.4 reflecting the moderate but significant impact across multiple users of the same WordPress installation.

WordPress XSS Extensions For Leaflet Map
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-5451
EPSS 0% CVSS 6.4
MEDIUM This Month

Stored Cross-Site Scripting in Extensions for Leaflet Map plugin for WordPress allows authenticated attackers with Contributor-level access to inject arbitrary web scripts via the 'elevation-track' shortcode due to insufficient input sanitization and output escaping, enabling arbitrary script execution whenever users access injected pages. The vulnerability affects all versions up to and including 4.14, with a CVSS score of 6.4 reflecting the moderate but significant impact across multiple users of the same WordPress installation.

WordPress XSS Extensions For Leaflet Map
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy