WordPress Plugin Vulnerabilities

Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

The hmapsprem WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
hmapsprem
Fixed in 2.2.3

References

CVE
CVE-2019-19134
URL
https://www.hooperlabs.xyz/disclosures/cve-2019-19134.php
URL
https://heroplugins.com/changelogs/hmaps/changelog.txt

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Hooper Labs
Verified
No
WPVDB ID
d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01

Timeline

Publicly Published
2020-02-25 (about 6 years ago)
Added
2020-02-26 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2017-10-16
Title
Easy Appointments < 1.12.0 - Cross-Site Scripting (XSS)
Published
2017-01-11
Title
WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
Published
2024-06-05
Title
Qi Blocks < 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting
Published
2025-08-29
Title
Ocean Extra < 2.5.0 - Contributor+ Stored XSS
Published
2026-02-09
Title
Whizz Plugins < 2.0.0 - Reflected Cross-Site Scripting