flippercode — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting flippercode. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Flippercode develops WordPress and WooCommerce plugins for website functionality, with 12 recorded CVEs primarily involving remote code execution, cross-site scripting, and privilege escalation vulnerabilities. Historically, their plugins have contained flaws allowing unauthorized access and arbitrary code execution, often stemming from insufficient input validation and improper access controls. Notable incidents include multiple high-severity RCE vulnerabilities in their booking and membership plugins between 2020-2022, which remained unpatched for extended periods. Security researchers have consistently identified similar patterns across their product line, indicating systemic security gaps in their development practices.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-13364 | WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode | WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters | CWE-79 | 6.4 | Medium | 2026-04-16 |
| CVE-2026-2580 | WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter | WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters | CWE-89 | 7.5 | High | 2026-03-22 |
| CVE-2026-3222 | WP Maps <= 4.9.1 - Unauthenticated SQL Injection via 'location_id' Parameter | WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters | CWE-89 | 7.5 | High | 2026-03-11 |
| CVE-2025-12062 | WP Maps <= 4.8.6 - Authenticated (Subscriber+) Limited Local File Inclusion | WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters | CWE-22 | 8.8 | High | 2026-02-16 |
| CVE-2025-39465 | WordPress Advanced Google Maps plugin <= 5.8.4 - Broken Access Control vulnerability | Advanced Google Maps | CWE-862 | 4.3 | Medium | 2025-11-06 |
| CVE-2024-11896 | Text Prompter – Unlimited chatgpt text prompts for openai tasks <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | Text Prompter – Unlimited chatgpt text prompts for openai tasks | CWE-79 | 6.4 | Medium | 2024-12-24 |
| CVE-2024-2386 | WordPress Plugin for Google Maps – WP MAPS <= 4.6.1 - Authenticated (Contributor+) SQL Injection | WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters | CWE-89 | 8.8 | High | 2024-06-29 |
| CVE-2023-28172 | WordPress WP Google Map Plugin Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF) | WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) | CWE-352 | 5.4 | Medium | 2023-11-12 |
| CVE-2021-4418 | Custom CSS, JS & PHP <= 2.0.7 - Cross-Site Request Forgery Bypass | Custom css-js-php | CWE-352 | 4.3 | Medium | 2023-10-20 |
| CVE-2021-4386 | WP Security Question <= 1.0.5 - Cross-Site Request Forgery Bypass | WP Security Question | CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2023-23878 | WordPress WP Google Map Plugin Plugin <= 4.3.9 is vulnerable to Cross Site Scripting (XSS) | WordPress Plugin for Google Maps – WP MAPS | CWE-79 | 5.9 | Medium | 2023-04-04 |
| CVE-2022-25600 | WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability | WP Google Map Plugin (WordPress plugin) | CWE-352 | 5.4 | Medium | 2022-03-11 |

This page lists every published CVE security advisory associated with flippercode. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.