Vulnerability Description
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codecabin | Wp Go Maps | < 8.1.12 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/163261/WordPress-WP-Google-Maps-8.1.11-Cros (Exploit, Third Party Advisory, VDB Entry)
- https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-24383?
CVE-2021-24383 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Sc...
How severe is CVE-2021-24383?
CVE-2021-24383 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-24383?
Check the references section above for vendor advisories and patch information. Affected products include: Codecabin Wp Go Maps.