Lucene search
Mohammed AdamPACKETSTORM:163261HistoryJun 23, 2021 - 12:00 a.m.
WordPress WP Google Maps 8.1.11 Cross Site Scripting
2021-06-2300:00:00
Mohammed Adam
packetstormsecurity.com
112
0.001 Low
EPSS
Percentile
41.2%
`# Exploit Title: WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS)
# Date: 22/6/2021
# Exploit Author: Mohammed Adam
# Vendor Homepage: https://www.wpgmaps.com/
# Software Link: https://wordpress.org/plugins/wp-google-maps/
# Version: 5.7.2
# Tested on: Windows 10
# CVE: CVE-2021-24383
# References link: https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954
*Proof of Concept*
*Steps to Reproduce:*
1) Edit a map (e.g
/wp-admin/admin.php?page=wp-google-maps-menu&action=edit&map_id=1)
2) Change Map Name to <script>alert(document.cookie)</script>
3) Save the Map
4) Stored XSS will be triggered when viewing the Map List
(/wp-admin/admin.php?page=wp-google-maps-menu)
`
Related
cvelist
cvelist
patchstack
patchstack
nvd
nvd
CVE-2021-24383
2021-06-21 20:15:09
zdt
zdt
wpvulndb
wpvulndb
WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting (XSS)
2021-06-07 00:00:00
cve
cve
CVE-2021-24383
2021-06-21 20:15:09
prion
prion
Cross site scripting
2021-06-21 20:15:00
wpexploit
wpexploit
WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting (XSS)
2021-06-07 00:00:00
exploitdb
exploitdb
WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS)
2021-06-23 00:00:00
openvas
openvas
WordPress Google Maps Plugin < 8.1.12 Multiple XSS Vulnerabilities
2021-09-30 00:00:00