WordPress Plugin Vulnerabilities

WP Go Maps < 9.0.35 - Information Exposure to Potential Denial of Service

Description

The plugin is vulnerable to unauthenticated API key disclosure due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Google API key. While this does not affect the security of sites using this plugin, it allows unauthenticated attackers to make requests using this API key with the potential of exhausting requests resulting in an inability to use the map functionality offered by the plugin.

Affects Plugins

Plugin icon
wp-google-maps
Fixed in 9.0.35

References

CVE
CVE-2023-6777
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/509cccbd-3aa0-45f1-84a0-387d678ebf65

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Hassan Khan Yusufzai, Danish Tariq
Verified
No
WPVDB ID
ec563f4e-6972-4bd1-afe6-d2ec54c3236d

Timeline

Publicly Published
2024-03-18 (about 2 years ago)
Added
2024-03-26 (about 2 years ago)
Last Updated
2024-03-26 (about 2 years ago)

Other

Published
Title
Published
2023-12-27
Title
Product Catalog Simple < 1.7.7 - Sensitive Information Exposure via Product CSV
Published
2025-12-08
Title
EasyCart < 5.8.12 - Unauthenticated Information Exposure
Published
2026-03-03
Title
WPBookit < 1.0.9 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure
Published
2024-02-02
Title
Total Upkeep < 1.15.9 - Improper Authorization to Unauthenticated Arbitrary File Download
Published
2024-06-06
Title
FileOrganizer < 1.0.8 - Sensitive Information Exposure via Directory Listing