Skip to main content

Extensions For Leaflet Map

2 CVEs product

Monthly

CVE-2026-57380 HIGH This Week

Stored/DOM-based cross-site scripting in the hupe13 "Extensions for Leaflet Map" WordPress plugin (all versions up to and including 5.1) lets an attacker inject script that executes in a victim's browser when they load a page rendering the crafted map content. Reported by Patchstack and carrying a 7.1 CVSS with a scope-changed vector, it requires victim interaction and yields limited confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

XSS Extensions For Leaflet Map
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-31074 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Extensions For Leaflet Map
NVD
CVSS 3.1
6.1
EPSS
0.4%
EPSS 0% CVSS 7.1
HIGH This Week

Stored/DOM-based cross-site scripting in the hupe13 "Extensions for Leaflet Map" WordPress plugin (all versions up to and including 5.1) lets an attacker inject script that executes in a victim's browser when they load a page rendering the crafted map content. Reported by Patchstack and carrying a 7.1 CVSS with a scope-changed vector, it requires victim interaction and yields limited confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

XSS Extensions For Leaflet Map
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Extensions For Leaflet Map
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy