WordPress Plugin Vulnerabilities

Contact Form Integrated With Google Maps 1.0-2.4 - Stored Cross-Site Scripting (XSS)

Description

The Contact Form Integrated With Google Maps WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
contact-form-integrated-with-google-maps
Fixed in 2.5

References

CVE
CVE-2014-7238
URL
https://g0blin.co.uk/cve-2014-7238/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
773ba72c-b81a-4eb1-9cec-0c2bdd046a74

Timeline

Publicly Published
2014-10-18 (about 11 years ago)
Added
2015-11-13 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-02-22
Title
Front End Users < 3.2.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2014-08-01
Title
XSS in jobroller theme
Published
2025-03-21
Title
Easy Custom Admin Bar <= 1.0 - Reflected Cross-Site Scripting via msg Parameter
Published
2025-01-16
Title
CRUDLab Like Box <= 2.0.9 - Reflected Cross-Site Scripting
Published
2025-06-08
Title
WordPress Photo Gallery <= 1.1.0 - Reflected Cross-Site Scripting