Vulnerability Description
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codecabin | Wp Go Maps | <= 8.1.11 |
Related Weaknesses (CWE)
References
- https://patchstack.com/database/vulnerability/wp-google-maps-pro/wordpress-wp-goThird Party Advisory
- https://www.wpgmaps.com/documentation/pro-changelog/Release NotesVendor Advisory
- https://patchstack.com/database/vulnerability/wp-google-maps-pro/wordpress-wp-goThird Party Advisory
- https://www.wpgmaps.com/documentation/pro-changelog/Release NotesVendor Advisory
FAQ
What is CVE-2021-36871?
CVE-2021-36871 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, ...
How severe is CVE-2021-36871?
CVE-2021-36871 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-36871?
Check the references section above for vendor advisories and patch information. Affected products include: Codecabin Wp Go Maps.