Extensions For Leaflet Map
Monthly
Stored/DOM-based cross-site scripting in the hupe13 "Extensions for Leaflet Map" WordPress plugin (all versions up to and including 5.1) lets an attacker inject script that executes in a victim's browser when they load a page rendering the crafted map content. Reported by Patchstack and carrying a 7.1 CVSS with a scope-changed vector, it requires victim interaction and yields limited confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Stored/DOM-based cross-site scripting in the hupe13 "Extensions for Leaflet Map" WordPress plugin (all versions up to and including 5.1) lets an attacker inject script that executes in a victim's browser when they load a page rendering the crafted map content. Reported by Patchstack and carrying a 7.1 CVSS with a scope-changed vector, it requires victim interaction and yields limited confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.