Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/128694/WordPress-WP-Google-Maps-6.0.26-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/archive/1/533699/100/0/threaded | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/70597 | Third Party Advisory VDB Entry |
https://wordpress.org/plugins/wp-google-maps/changelog | Product Release Notes |
https://www.htbridge.com/advisory/HTB23236 | Exploit |
Configurations
History
26 May 2023, 15:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.16:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.15:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.11:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.20:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.21:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.05:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:*:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.03:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.14:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.01:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.07:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.17:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.02:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.09:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.18:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.04:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.08:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.0:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.24:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.10:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.23:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.12:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.06:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.25:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.22:*:*:*:*:wordpress:*:* cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.19:*:*:*:*:wordpress:*:* |
cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:* |
First Time |
Codecabin wp Go Maps
Codecabin |
|
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/533699/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://wordpress.org/plugins/wp-google-maps/changelog - Product, Release Notes | |
References | (MISC) http://packetstormsecurity.com/files/128694/WordPress-WP-Google-Maps-6.0.26-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/70597 - Third Party Advisory, VDB Entry |
Information
Published : 2014-10-22 14:55
Updated : 2024-02-28 12:20
NVD link : CVE-2014-7182
Mitre link : CVE-2014-7182
CVE.ORG link : CVE-2014-7182
JSON object : View
Products Affected
codecabin
- wp_go_maps
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')