More information about this CVE will likely be available in a few days

Description

The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Related CPE's

Could not find any relations

References

https://wpscan.com/vulnerability/0d4bb338-f0d0-4b57-8664-1b8cba7cbe52/

Weaknesses

Could not find any weaknesses

CVSS impact metrics

Could not find any metrics

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2025-12-29T06:15:51.430

2 hours ago

Last modified

2025-12-29T06:15:51.430

2 hours ago