Vulnerability CVE-2019-14792

Vulnerability CVE-2019-14792

Published: 2019-08-09

Description:

The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.5/10	2.9/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Codecabin -> Wp google maps

References:

https://wordpress.org/plugins/wp-google-maps/#developers

https://wpvulndb.com/vulnerabilities/9442

https://www.pluginvulnerabilities.com/2019/07/08/recently-closed-wordpress-plugin-with-400000-installs-contains-another-authenticated-persistent-xss-vulnerability/

Vulnerability CVE-2019-14792

The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.

CWE-79

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

3.5/10

2.9/10

6.8/10

Remote

Medium

Single time

None

Partial

None

Affected software

References: