cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3670,https://securityvulnerability.io/vulnerability/CVE-2024-3670,Stored Cross-Site Scripting in Leaflet Maps Marker Plugin for WordPress,"The Leaflet Maps Marker plugin for WordPress contains a vulnerability that allows authenticated attackers with contributor-level access or higher to perform stored cross-site scripting attacks. This occurs through the plugin's 'mapsmarker' shortcode, which inadequately sanitizes and escapes user-supplied attributes, such as 'mapwidthunit'. As a result, attackers can inject arbitrary web scripts into pages, which will be executed in the browsers of users who visit the compromised pages.",Wordpress,"Leaflet Maps Marker (google Maps, Openstreetmap, Bing Maps)",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:10.332Z,0
CVE-2022-4677,https://securityvulnerability.io/vulnerability/CVE-2022-4677,"Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.12.7 - Contributor+ Stored XSS via Shortcode","The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.",Wordpress,"Leaflet Maps Marker (google Maps, Openstreetmap, Bing Maps)",5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-06T19:59:40.495Z,0
CVE-2022-1123,https://securityvulnerability.io/vulnerability/CVE-2022-1123,"Leaflet Maps Marker < 3.12.5 - Admin+ SQLi","The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks.",Wordpress,"Leaflet Maps Marker (google Maps, Openstreetmap, Bing Maps)",7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-08-29T14:40:24.000Z,0