Skip to main content

Leaflet Map

4 CVEs product

Monthly

CVE-2026-39646 MEDIUM This Month

Stored cross-site scripting (XSS) in bozdoz Leaflet Map WordPress plugin versions up to 3.4.4 allows authenticated attackers with low privileges to inject malicious scripts that execute in the browsers of site visitors, potentially leading to session hijacking, credential theft, or website defacement. The vulnerability has a low EPSS score (0.03%, 8th percentile) suggesting minimal real-world exploitation likelihood despite moderate CVSS severity, and no public exploit code or active exploitation has been confirmed.

XSS Leaflet Map
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-5050 MEDIUM PATCH This Month

The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Leaflet Map
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2021-24467 MEDIUM POC This Month

The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Leaflet Map
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-24468 MEDIUM POC This Month

The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Leaflet Map
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
EPSS 0% CVSS 6.5
MEDIUM This Month

Stored cross-site scripting (XSS) in bozdoz Leaflet Map WordPress plugin versions up to 3.4.4 allows authenticated attackers with low privileges to inject malicious scripts that execute in the browsers of site visitors, potentially leading to session hijacking, credential theft, or website defacement. The vulnerability has a low EPSS score (0.03%, 8th percentile) suggesting minimal real-world exploitation likelihood despite moderate CVSS severity, and no public exploit code or active exploitation has been confirmed.

XSS Leaflet Map
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Leaflet Map
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS +1
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Leaflet Map
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy