CVE-2023-6627

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
codecabinwp_go_maps
𝑥
< 9.0.28
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/
https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54
https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/
https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54