CVE-2025-2279

Medium CVSS: 5.9

The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Vendor

Robosoft

Product

Maps

CWE

CWE-79

Yayın Tarihi

2025-04-04 06:15:40

Güncelleme

2025-04-29 19:42:04

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Maps MEDIUM Robosoft 2025

Referanslar

https://wpscan.com/vulnerability/cd87d7ba-86e9-45b6-a3cd-11f6486f0bd0/

Benzer Kayıtlar

Medium

CVE-2024-13384

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some…

Medium

CVE-2024-10144

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some…

Low

CVE-2024-10102

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some…