VulnerAlert



GOOGLE
WORDPRESS
12-12-2025 14:22

CVE-2025-13850 Vulnerabilidad documentada

Sin puntuación
Tags
#wordpress
#google
#site
#plugin
#cross
#web
#cross-site
#cross-site scripting
#attackers
#authenticated
#arbitrary
#vulnerable
#scripting
#inject
#execute
#attack
#access
Descripción
The LS Google Map Router plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'map_type' parameter in all versions up to, and including, 1.1.0 due insufficient input sanitization output escaping. This makes it possible authenticated attackers, with Contributor-level access above, inject arbitrary web scripts pages that will execute whenever a user accesses an injected page.
https://plugins.trac.wordpress.org/browser/ls-gmap-route/tags/1.1.0/ls-gmap_route.php#L61
https://plugins.trac.wordpress.org/browser/ls-gmap-route/trunk/ls-gmap_route.php#L61
https://www.wordfence.com/threat-intel/vulnerabilities/id/e3581172-10d8-4b11-95f7-ee1835e29606?source=cve
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-13850
Resultados similares
Coincidentes en almenos en 50% de los tags
15-12-2025 CVE-2025-14383
The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via t...
Ver información
15-12-2025 CVE-2025-13355
The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter befor...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por