Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.
References
Link | Resource |
---|---|
https://patchstack.com/database/vulnerability/wp-google-maps-pro/wordpress-wp-google-maps-pro-premium-plugin-8-1-11-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities | Third Party Advisory |
https://www.wpgmaps.com/documentation/pro-changelog/ | Release Notes Vendor Advisory |
Configurations
History
No history.
Information
Published : 2021-09-09 12:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-36871
Mitre link : CVE-2021-36871
CVE.ORG link : CVE-2021-36871
JSON object : View
Products Affected
codecabin
- wp_go_maps
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')