CVE-2021-24383

The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
codecabinwp_go_maps
𝑥
< 8.1.12
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/163261/WordPress-WP-Google-Maps-8.1.11-Cross-Site-Scripting.html
https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954
http://packetstormsecurity.com/files/163261/WordPress-WP-Google-Maps-8.1.11-Cross-Site-Scripting.html
https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954