WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue

Note: The vendor attributed the issue in the changelog to the wrong reporter (us, WPScan, as we reported it on behalf of the reporter). This will be corrected in the next version

Proof of Concept

Steps to Reproduce:

1) Edit a map (e.g /wp-admin/admin.php?page=wp-google-maps-menu&action=edit&map_id=1)
2) Change Map Name to <script>alert(document.cookie)</script>
3) Save the Map
4) Stored XSS will be triggered when viewing the Map List (/wp-admin/admin.php?page=wp-google-maps-menu)

POC Screenshots attached in dropbox link: https://www.dropbox.com/s/z4gc6386xcm83vm/Stored%20xss%20in%20WP%20Googlemaps.zip?dl=0

Affects Plugins

wp-google-maps
Fixed in version 8.1.12

References

CVE
CVE-2021-24383

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Mohammed Adam

Submitter

Mohammed Adam

Submitter twitter
iam_amdadam
Verified

Yes

WPVDB ID
1270588c-53fe-447e-b83c-1b877dc7a954

Timeline

Publicly Published

2021-06-07 (about 1 years ago)

Added

2021-06-07 (about 1 years ago)

Last Updated

2021-08-10 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin