WordPress WP Google Maps 6.0.26 Cross Site Scripting Vulnerability

🗓️ 16 Oct 2014 00:00:00Reported by High-Tech BridgeType

zdt🔗 0day.today👁 47 Views

WordPress WP Google Maps 6.0.26 XSS Vulnerabilit

Reporter	Title	Published	Views	Family All 12
CVE	CVE-2014-7182	22 Oct 201414:00	–	cve
Cvelist	CVE-2014-7182	22 Oct 201414:00	–	cvelist
EUVD	EUVD-2014-7059	7 Oct 202500:30	–	euvd
htbridge	Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin	24 Sep 201400:00	–	htbridge
NVD	CVE-2014-7182	22 Oct 201414:55	–	nvd
Packet Storm	WordPress WP Google Maps 6.0.26 Cross Site Scripting	15 Oct 201400:00	–	packetstorm
Patchstack	WordPress WP Google Maps Plugin <= 6.0.26 - Multiple XSS	25 Sep 201400:00	–	patchstack
Prion	Cross site scripting	22 Oct 201414:55	–	prion
Positive Technologies	PT-2014-7820 · WordPress · Wp Google Maps	22 Oct 201400:00	–	ptsecurity
securityvulns	Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin	16 Oct 201400:00	–	securityvulns

Product: WP Google Maps WordPress plugin
Vendor: WP Google Maps 
Vulnerable Version(s): 6.0.26 and probably prior
Tested Version: 6.0.26
Advisory Publication:  September 24, 2014  [without technical details]
Vendor Notification: September 24, 2014 
Vendor Patch: September 29, 2014 
Public Disclosure: October 15, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7182
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered three XSS vulnerabilities in WP Google Maps WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against administrators of vulnerable WP website.

1) Multiple XSS in WP Google Maps WordPress plugin: CVE-2014-7182

1.1 Input passed via the "poly_id" HTTP GET parameter to "/wp-admin/admin.php" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.

The exploitation example below uses the "alert()" JavaScript function to display "immuniweb" word:

http://wordpress/wp-admin/admin.php?page=wp-google-maps-menu&action=edit_poly&map_id=1&poly_id=%27%22%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E

1.2 Input passed via the "poly_id" HTTP GET parameter to "/wp-admin/admin.php" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.

The exploitation example below uses the "alert()" JavaScript function to display "immuniweb" word:
http://wordpress/wp-admin/admin.php?page=wp-google-maps-menu&action=edit_polyline&map_id=1&poly_id=%27%22%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E

1.3 Input passed via the "poly_id" HTTP GET parameter to "/wp-admin/admin.php" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.

The exploitation example below uses the "alert()" JavaScript function to display "immuniweb" word:
http://wordpress/wp-admin/admin.php?page=wp-google-maps-menu&action=edit_marker&id=%27%22%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E


-----------------------------------------------------------------------------------------------

Solution:

Update to WP Google Maps 6.0.27

More Information:
https://wordpress.org/plugins/wp-google-maps/changelog/

#  0day.today [2018-03-12]  #

16 Oct 2014 00:00Current

6.7Medium risk

Vulners AI Score6.7

EPSS0.00341