MapPress Maps for WordPress < 2.88.14 – Contributor+ Stored XSS | CVE 2023-6524 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape the Point of Interest Title and Description options in a map, allowing Contributor and above role to perform Stored Cross-Site Scripting attacks

Proof of Concept

As a contributor, add/edit a Map and search any location you want.

Add XSS Payload on Location’s detail (Location Name and Description): <img src onerror=alert(/XSS/)>

Save the map and insert it in a post via its shortcod

Affects Plugins

mappress-google-maps-for-wordpress

Fixed in 2.88.14

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/28a8f025-c2ab-4a5f-a99e-a2d19b14a190

URL

https://advisory.abay.sh/cve-2023-6524

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Akbar Kustirama

Verified

Yes

WPVDB ID

9dc410b0-d2de-41f6-9dee-9c7b1e98623f

Timeline

Publicly Published

2024-01-02 (about 2 years ago)

Added

2024-01-03 (about 2 years ago)

Last Updated

2024-01-11 (about 2 years ago)

Other

Published

Title

Published

2024-10-15

Title

Themesflat Addons For Elementor < 2.2.2 - Contributor+ Stored XSS

Published

2023-02-02

Title

Usersnap < 4.17 - Admin+ Stored XSS

Published

2023-10-16

Title

Lava Directory Manager <= 1.1.34 - Unauthenticated Stored XSS

Published

2023-05-16

Title

WP < 6.2.1 - Contributor+ Content Injection

Published

2025-01-17

Title

AZ Content Finder <= 0.1 - Reflected Cross-Site Scripting