← back
CVE-2021-24383

WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting (XSS)

EPSS 2.3%CWE-79
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue
Affected products
WP Google Maps · WP Google Maps
public PoCs found2
cve_referencepacketstormsecurity.com/files/163261/WordPress-WP-Google-Maps-8.1.11-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50051unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/163261/WordPress-WP-Google-Maps-8.1.11-Cross-Site-Scripting.htmlhttps://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954