← back
CVE-2023-6627

WP Go Maps < 9.0.28 - Unauthenticated Stored XSS

CVSS 6.1 MEDIUMEPSS 0.6%
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
Unknown · WP Go Maps (formerly WP Google Maps)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54