The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.
References
| Link | Resource |
|---|---|
| https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/ | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54 | Exploit Third Party Advisory |
| https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/ | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:44
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/ - Exploit, Third Party Advisory | |
| References | () https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54 - Exploit, Third Party Advisory |
11 Jan 2024, 20:00
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Codecabin wp Go Maps
Codecabin |
|
| CWE | CWE-79 | |
| CPE | cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:basic:wordpress:*:* | |
| References | () https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54 - Exploit, Third Party Advisory | |
| References | () https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/ - Exploit, Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
08 Jan 2024, 19:30
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-01-08 19:15
Updated : 2024-11-21 08:44
NVD link : CVE-2023-6627
Mitre link : CVE-2023-6627
CVE.ORG link : CVE-2023-6627
JSON object : View
Products Affected
codecabin
- wp_go_maps
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')