CVE-2023-31074 HIGH

CVE-2023-31074: WordPress Extensions for Leaflet Map Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)

Vendor Hupe13
Product Extensions for Leaflet Map
Weakness CWE-79 · XSS
Published August 17, 2023
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 Extensions for Leaflet Map plugin <= 3.4.1 versions.

Key dates

02Disclosure timeline

August 17, 2023 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-12240 Page Builder by SiteOrigin <= 2.31.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Row Label Parameter CVE-2025-58787 WordPress Themify Popup Plugin <= 1.4.2 - Cross Site Scripting (XSS) Vulnerability CVE-2024-9292 Bridge Core <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-23622 WordPress CBX Accounting & Bookkeeping plugin <= 1.3.14 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-24742 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)