Lucene search
Daniel RufWPVDB-ID:8353AA12-DBB7-433F-9DD9-D61A3F303D4BHistoryMay 30, 2022 - 12:00 a.m.
Inline Google Maps <= 5.11 - Arbitrary Settings Update to Stored XSS via CSRF
2022-05-3000:00:00
Daniel Ruf
wpscan.com
5
0.001 Low
EPSS
Percentile
26.4%
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
PoC
| CPE | Name | Operator | Version |
|---|---|---|---|
| google-maps-advanced | eq | * |
Related
nvd
nvd
CVE-2022-1829
2022-06-20 11:15:10
wpexploit
wpexploit
cnvd
cnvd
WordPress plugin Inline Google Maps cross-site request forgery vulnerability
2022-06-22 00:00:00
cve
cve
CVE-2022-1829
2022-06-20 11:15:10
cvelist
cvelist
prion
prion
Cross site scripting
2022-06-20 11:15:00