WordPress Plugin Vulnerabilities
WP Google Map < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS)
Description
The plugin did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed
Proof of Concept
Create a new map. Add an XSS payload to the title. Click "Show as map title". Add the map to a page or post with the shortcode.
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Pratik Khalane
Submitter
Pratik Khalane
Verified
No
WPVDB ID
Timeline
Publicly Published
2021-07-01 (about 2 years ago)
Added
2021-07-12 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)