WordPress Plugin Vulnerabilities

WP Google Maps <= 7.11.34 - CSRF to Stored XSS

Description

Lack of CSRF and authorisation checks, as well as sanitisation in the wpgmaps_head() function in legacy-core.php can lead to stored XSS issues

Affects Plugins

Plugin icon
wp-google-maps
Fixed in 7.11.35

References

CVE
CVE-2019-14792
URL
https://plugins.trac.wordpress.org/changeset/2119722

Miscellaneous

Verified
No
WPVDB ID
7b392e1e-7c5b-4517-967f-cdffe126d292

Timeline

Publicly Published
2019-07-08 (about 6 years ago)
Added
2019-07-09 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2015-05-13
Title
Booking Calendar Contact Form <= 1.0.2 - Multiple Authenticated Vulnerabilities
Published
2016-07-06
Title
WP Maintenance Mode <= 2.0.6 - Authenticated Multisite Remote Code Execution
Published
2017-05-18
Title
EELV Newsletter < 4.6.1 - CSRF & XSS
Published
2015-09-26
Title
Appointment Booking Calendar < 1.1.8 - Multiple Reflected Cross-Site Scripting (XSS) and SQL Injection
Published
2014-10-17
Title
XCloner - Backup and Restore < 3.1.2 - Multiple Vulnerabilities (RCE & LFI)