CVE-2014-7182

Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:*

History

26 May 2023, 15:00

Type Values Removed Values Added
CPE cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.13:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.16:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.15:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.11:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.20:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.21:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.05:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.03:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.14:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.01:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.07:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.17:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.02:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.09:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.18:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.04:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.08:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.24:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.10:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.23:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.12:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.06:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.25:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.22:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.19:*:*:*:*:wordpress:*:*
cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:*
First Time Codecabin wp Go Maps
Codecabin
References (BUGTRAQ) http://www.securityfocus.com/archive/1/533699/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/533699/100/0/threaded - Third Party Advisory, VDB Entry
References (CONFIRM) https://wordpress.org/plugins/wp-google-maps/changelog - Patch (CONFIRM) https://wordpress.org/plugins/wp-google-maps/changelog - Product, Release Notes
References (MISC) http://packetstormsecurity.com/files/128694/WordPress-WP-Google-Maps-6.0.26-Cross-Site-Scripting.html - Exploit (MISC) http://packetstormsecurity.com/files/128694/WordPress-WP-Google-Maps-6.0.26-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/70597 - (BID) http://www.securityfocus.com/bid/70597 - Third Party Advisory, VDB Entry

Information

Published : 2014-10-22 14:55

Updated : 2024-02-28 12:20


NVD link : CVE-2014-7182

Mitre link : CVE-2014-7182

CVE.ORG link : CVE-2014-7182


JSON object : View

Products Affected

codecabin

  • wp_go_maps
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')