2 matches found
CVE-2022-2424 Google Maps Anywhere <= 1.2.6.3 - Admin+ Stored Cross-Site Scripting
The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2424
The CVE details a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress Google Maps Anywhere plugin, versions up to 1.2.6.3. The flaw arises because the plugin does not sanitize or escape any settings, enabling an admin-level attacker to inject script when unfiltered_html is disallowed...