Google Maps Cp
Monthly
Stored/reflected Cross-Site Scripting in the Google Maps CP WordPress plugin (versions 1.2.5 and earlier, vendor CodePeople) lets an unauthenticated attacker inject malicious script that executes in a victim's browser after they interact with a crafted link or page. The flaw carries a CVSS 3.1 base score of 7.1 with a scope change, reflecting impact beyond the vulnerable component into the wider WordPress session. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Missing Authorization vulnerability in CodePeople Google Maps CP.0.43. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stored/reflected Cross-Site Scripting in the Google Maps CP WordPress plugin (versions 1.2.5 and earlier, vendor CodePeople) lets an unauthenticated attacker inject malicious script that executes in a victim's browser after they interact with a crafted link or page. The flaw carries a CVSS 3.1 base score of 7.1 with a scope change, reflecting impact beyond the vulnerable component into the wider WordPress session. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Missing Authorization vulnerability in CodePeople Google Maps CP.0.43. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.