Every CVE whose affected-product data names Codecabin Wp Go Maps, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2019-10692 — CVSS 9.8 (critical): In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before…
CVE-2024-29931 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPGMaps WP Go Maps…
CVE-2024-5994 — CVSS 6.4 (medium): The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions…
CVE-2024-1582 — CVSS 6.4 (medium): The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza'…
CVE-2024-3557 — CVSS 6.4 (medium): The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza…
CVE-2019-9912 — CVSS 6.1 (medium): The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
CVE-2023-6627 — CVSS 6.1 (medium): The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which…
CVE-2021-36871 — CVSS 5.5 (medium): Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <=…
CVE-2019-14792 — CVSS 5.4 (medium): The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.
CVE-2021-24383 — CVSS 5.4 (medium): The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the…
CVE-2023-6777 — CVSS 5.3 (medium): The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and…
CVE-2022-47595 — CVSS 4.9 (medium): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin…
CVE-2023-4839 — CVSS 4.4 (medium): The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due…
CVE-2025-24742 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in WPGMaps WP Go Maps wp-google-maps.This issue affects WP Go Maps: from n/a through <=…
CVE-2014-7182 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to…