WordPress Plugin Vulnerabilities

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.12.7 - Contributor+ Stored XSS via Shortcode

Description

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Proof of Concept

[mapsmarker lot='1' lat='1' mapwidth='" onmouseover="alert(1)"']

Affects Plugins

Plugin icon
leaflet-maps-marker
Fixed in 3.12.7

References

CVE
CVE-2022-4677

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
9c293098-de54-4a04-b13d-2a702200f02e

Timeline

Publicly Published
2023-01-12 (about 1 years ago)
Added
2023-01-12 (about 1 years ago)
Last Updated
2023-01-12 (about 1 years ago)

Other

Published
Title
Published
2022-12-28
Title
Collapse-O-Matic < 1.8.3 - Contributor+ Stored XSS
Published
2015-04-21
Title
WordPress 3.9-4.1.1 - Same-Origin Method Execution
Published
2023-02-02
Title
Multi-column Tag Map < 17.0.25 - Contributor+ Stored XSS
Published
2023-10-18
Title
WP Simple HTML Sitemap < 2.6 - Contributor+ Stored XSS
Published
2024-02-20
Title
Beaver Builder < 2.7.4.3 - Reflected XSS