cvebase

Wpgmaps Wp Go Maps vulnerabilities

12 known vulnerabilities affecting wpgmaps/wp_go_maps.

Total CVEs: 12
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: HIGH 1, MEDIUM 11

Vulnerabilities

CVE-2024-29931 | P2 | MEDIUM | CVSS 6.1 | Exploited | PoC | ≤ 9.0.29 | 2024-03-27
CVE-2024-29931 [MEDIUM] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPGMaps WP Go Maps wp-google-maps. This issue affects WP Go Maps: from n/a through <= 9.0.29.
Source: NVD
CVE-2023-6697 | P3 | MEDIUM | CVSS 6.1 | PoC | ≤ 9.0.28 | 2024-01-24
CVE-2023-6697 [MEDIUM] CWE-79: The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they
Source: NVD
CVE-2023-6777 | P3 | MEDIUM | CVSS 6.5 | ≤ 9.0.34 | 2024-04-09
CVE-2023-6777 [MEDIUM] CWE-200: The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Google API key. While this does not affect the security o
Source: NVD
CVE-2025-24742 | P3 | HIGH | CVSS 8.8 | ≤ 9.0.40 | 2025-01-27
CVE-2025-24742 [HIGH] CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in WPGMaps WP Go Maps wp-google-maps. This issue affects WP Go Maps: from n/a through <= 9.0.40.
Source: NVD
CVE-2026-4268 | P4 | MEDIUM | CVSS 6.4 | ≤ 10.0.05 | 2026-03-18
CVE-2026-4268 [MEDIUM] CWE-79: The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmza_custom_js’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the 'admin_post_wpgmza_save_settings' hook anonymous function. This makes
Source: NVD
CVE-2025-11703 | P4 | MEDIUM | CVSS 5.3 | ≤ 9.0.48 | 2025-10-18
CVE-2025-11703 [MEDIUM] CWE-349: The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated attackers to poison the cache location for location sea
Source: NVD
CVE-2026-0593 | P4 | MEDIUM | CVSS 5.3 | ≤ 10.0.04 | 2026-01-24
CVE-2026-0593 [MEDIUM] CWE-862: The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global map engi
Source: NVD
CVE-2025-11166 | P4 | MEDIUM | CVSS 5.4 | ≤ 9.0.46 | 2025-10-09
CVE-2025-11166 [MEDIUM] CWE-352: The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having destructive logic reachable via GET requests with no perm
Source: NVD
CVE-2024-5994 | P4 | MEDIUM | CVSS 5.4 | ≤ 9.0.38 | 2024-06-14
CVE-2024-5994 [MEDIUM] CWE-79: The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with contributor-level permissions and above, to inject arbitrary
Source: NVD
CVE-2024-3557 | P4 | MEDIUM | CVSS 5.4 | ≤ 9.0.36 | 2024-05-24
CVE-2024-3557 [MEDIUM] CWE-79: The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode in all versions up to, and including, 9.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level acces
Source: NVD
CVE-2024-1582 | P4 | MEDIUM | CVSS 5.4 | ≤ 9.0.32 | 2024-03-13
CVE-2024-1582 [MEDIUM] CWE-79: The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and
Source: NVD
CVE-2023-4839 | P4 | MEDIUM | CVSS 4.8 | ≤ 9.0.32 | 2024-03-13
CVE-2023-4839 [MEDIUM] CWE-79: The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute w
Source: NVD