WordPress Plugin Vulnerabilities

Geo Mashup <= 1.10.3 - Unspecified Cross-Site Scripting (XSS)

Description

The Geo Mashup WordPress plugin was affected by an Unspecified Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
geo-mashup
Fixed in 1.10.4

References

CVE
CVE-2018-14071
URL
https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f
URL
https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt
URL
https://plugins.trac.wordpress.org/changeset/1907959/geo-mashup
URL
https://github.com/cyberhobo/wordpress-geo-mashup/issues/817

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
9.8 (critical)

Miscellaneous

Submitter
Ryan
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
31a99ea8-d5e6-41ba-9efe-cd447e6b8afb

Timeline

Publicly Published
2018-07-17 (about 7 years ago)
Added
2018-07-17 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-09-03
Title
Exifography <= 1.3.1 - Admin+ Stored XSS
Published
2023-09-27
Title
Sermon'e – Sermons Online <= 1.0.0 - Reflected XSS
Published
2021-01-15
Title
Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2023-05-31
Title
Yandex Metrica Counter <= 1.4.3 - Admin+ Stored XSS
Published
2025-03-24
Title
Pretty file links <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting