Wp Maps
Unauthenticated SQL injection in the WP Maps WordPress plugin (versions 4.9.1 and earlier, by Flipper Code) allows remote attackers to inject arbitrary SQL queries against the underlying WordPress database without any authentication or user interaction. With a CVSS 3.1 score of 9.3 and a scope-changed vector, successful exploitation can disclose sensitive database contents (users, hashed credentials, secrets) and affect availability. No public exploit identified at time of analysis, but the unauthenticated nature and trivial complexity make weaponization likely once technical details circulate.
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.