CVE-2012-2913

Leaflet Maps Marker Plugin 0.0.1 - Cross-Site Scripting via id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2913. PoCs published by Heine Pedersen.

AI-analyzed exploit summary The exploit describes a reflected XSS vulnerability in the Leaflet plugin for WordPress due to improper input sanitization. The provided URL demonstrates the injection of arbitrary JavaScript code via the 'id' parameter.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Heine Pedersen · textwebappsphp
https://www.exploit-db.com/exploits/37192

The exploit describes a reflected XSS vulnerability in the Leaflet plugin for WordPress due to improper input sanitization. The provided URL demonstrates the injection of arbitrary JavaScript code via the 'id' parameter.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Leaflet plugin for WordPress 0.0.1
No auth needed
Prerequisites: Access to a vulnerable WordPress installation with the Leaflet plugin
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Heine Pedersen · textwebappsphp
https://www.exploit-db.com/exploits/37191

This exploit demonstrates a reflected XSS vulnerability in the Leaflet WordPress plugin by injecting arbitrary JavaScript via the 'id' parameter in the admin interface. The PoC URL triggers an alert dialog, proving the lack of input sanitization.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Leaflet WordPress plugin 0.0.1
Auth required
Prerequisites: Access to a vulnerable WordPress admin interface · Victim interaction or CSRF to trigger the payload
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75628
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53526

Scores

EPSS 0.0382
EPSS Percentile 88.8%

Details

CWE
CWE-79
Status published
Products (1)
mapsmarker/leaflet_maps_marker_plugin 0.0.1
Published May 21, 2012
Tracked Since Feb 18, 2026