cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3670,https://securityvulnerability.io/vulnerability/CVE-2024-3670,Stored Cross-Site Scripting in Leaflet Maps Marker Plugin for WordPress,"The Leaflet Maps Marker plugin for WordPress contains a vulnerability that allows authenticated attackers with contributor-level access or higher to perform stored cross-site scripting attacks. This occurs through the plugin's 'mapsmarker' shortcode, which inadequately sanitizes and escapes user-supplied attributes, such as 'mapwidthunit'. As a result, attackers can inject arbitrary web scripts into pages, which will be executed in the browsers of users who visit the compromised pages.",Wordpress,"Leaflet Maps Marker (google Maps, Openstreetmap, Bing Maps)",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:10.332Z,0
CVE-2023-5050,https://securityvulnerability.io/vulnerability/CVE-2023-5050,Stored Cross-Site Scripting Vulnerability in Leaflet Map Plugin for WordPress,"The Leaflet Map plugin for WordPress has a vulnerability that allows authenticated users with contributor-level permissions or higher to exploit stored cross-site scripting. The issue arises from inadequate input sanitization and output escaping within shortcodes, enabling attackers to implant malicious scripts into webpages. These scripts execute whenever a user accesses the compromised page, potentially leading to data theft and other harmful consequences.",Wordpress,Leaflet Map,5.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0
CVE-2022-4677,https://securityvulnerability.io/vulnerability/CVE-2022-4677,"Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.12.7 - Contributor+ Stored XSS via Shortcode","The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.",Wordpress,"Leaflet Maps Marker (google Maps, Openstreetmap, Bing Maps)",5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-06T19:59:40.495Z,0
CVE-2022-1123,https://securityvulnerability.io/vulnerability/CVE-2022-1123,"Leaflet Maps Marker < 3.12.5 - Admin+ SQLi","The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks.",Wordpress,"Leaflet Maps Marker (google Maps, Openstreetmap, Bing Maps)",7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-08-29T14:40:24.000Z,0
CVE-2021-24467,https://securityvulnerability.io/vulnerability/CVE-2021-24467,Leaflet Map < 3.0.0 - Arbitrary Settings Update via CSRF Leading to Stored XSS,"The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the JavaScript library being used, or using malicious attributions which will be executed in all page with an embed map from the plugin",Wordpress,Leaflet Map,6.5,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2021-08-09T10:04:05.000Z,0
CVE-2021-24468,https://securityvulnerability.io/vulnerability/CVE-2021-24468,Leaflet Map < 3.0.0 - Contributor+ Stored XSS,"The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues",Wordpress,Leaflet Map,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-08-02T10:32:11.000Z,0
CVE-2012-2913,https://securityvulnerability.io/vulnerability/CVE-2012-2913,,"Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.",Wordpress,Leaflet Maps Marker Plugin,,,0.0017000000225380063,false,,false,false,false,,false,false,2012-05-21T18:00:00.000Z,0