The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.
References
Link | Resource |
---|---|
https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54 | Exploit Third Party Advisory |
Configurations
History
11 Jan 2024, 20:00
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54 - Exploit, Third Party Advisory | |
References | () https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/ - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
First Time |
Codecabin wp Go Maps
Codecabin |
|
CWE | CWE-79 | |
CPE | cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:basic:wordpress:*:* |
08 Jan 2024, 19:30
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-08 19:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-6627
Mitre link : CVE-2023-6627
CVE.ORG link : CVE-2023-6627
JSON object : View
Products Affected
codecabin
- wp_go_maps
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')