Key vulnerability information

Description
Vulnerability type: Stored Cross-Site Scripting (XSS)
Affected plugin: YaMaps (< 0.6.40)
Fixed in version: 0.6.40

Vulnerability details
CVE: no CVE ID assigned
OWASP Top 10: A7: Cross-Site Scripting (XSS)
CWE: CWE-79
CVSS: 5.9 (Medium)

Proof of concept (PoC)

References
Reported by: Alex Tselevich (nos3curity)
Submitter website: https://nosecurity.blog
Submitter Twitter: nos3curity
Verification status: Verified

Timeline
Publicly published: 2025-12-08
Added: 2025-12-08
Last updated: 2025-12-08

Related entries
Gutenify < 1.5.8 - Contributor+ Stored XSS: 2025-04-04
WP All Export < 1.3.6 - Reflected Cross-Site Scripting: 2022-06-14
iQ Block Country < 1.1.20 - Reflected Cross-Site Scripting: 2015-08-24
Post Layouts for Gutenberg <= 1.2.10 - Contributor+ Stored XSS: 2024-07-10
SUPER RESPONSIVE SLIDER <= 1.4 - Reflected Cross-Site Scripting: 2025-03-18

Other information
WPVDB ID: 0d4bb338-f0d0-4b57-8664-1b8cba7cbe52