WordPress Plugin Vulnerabilities

Snazzy Maps < 1.1.5 - Multiple Cross-Site Scripting (XSS)

Description

The Snazzy Maps WordPress plugin was affected by a Multiple Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
snazzy-maps
Fixed in 1.1.5

References

CVE
CVE-2018-17947
URL
https://seclists.org/fulldisclosure/2018/Jul/87
URL
https://www.defensecode.com/advisories/DC-2018-05-006_WordPress_Snazzy_Maps_Plugin_Advisory.pdf
URL
https://plugins.trac.wordpress.org/changeset/1918571/snazzy-maps

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
Ryan
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
455795eb-7493-4814-8f80-59734614eeb0

Timeline

Publicly Published
2018-07-24 (about 7 years ago)
Added
2018-07-30 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-04-17
Title
Ultimate Carousel For WPBakery Page Builder <= 2.6 - Contributor+ Stored XSS
Published
2025-06-18
Title
FastBook <= 1.1 - Reflected Cross-Site Scripting
Published
2017-01-24
Title
SEO Redirection < 4.3 - Stored Cross-Site Scripting (XSS)
Published
2024-07-16
Title
WordPress File Upload < 4.24.8 - Unauthenticated Stored XSS
Published
2026-04-07
Title
Page Builder: Pagelayer < 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes