WordPress Plugin Vulnerabilities

Google Maps v3 Shortcode <= 1.2.1 - Contributor+ XSS

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
google-maps-v3-shortcode
No known fix

References

CVE
CVE-2023-23827

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
c69f821f-cfe9-47a0-b790-0cc790c6f047

Timeline

Publicly Published
2023-02-17 (about 1 years ago)
Added
2023-04-24 (about 1 years ago)
Last Updated
2023-04-24 (about 1 years ago)

Other

Published
Title
Published
2017-08-18
Title
WPJobBoard < 5.0 - Multiple Cross-Site Scripting (XSS)
Published
2014-08-01
Title
Amazon Affiliate Link Localizer <= 1.8.2 - amazon_affiliate_link_localizer.php amzn_com Parameter XSS
Published
2024-04-06
Title
Beaver Themer < 1.4.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Published
2023-03-22
Title
I Recommend This <= 3.8.3 - CSRF
Published
2022-12-16
Title
Vision Interactive For WordPress < 1.5.4 - Contributor+ Stored XSS