Cross-Site Scripting Vulnerabilities in WP Google Maps Plugin for WordPress
CVE-2014-7182

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP Go Maps
Vendor: CVE Published:; 22 October 2014

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the WP Google Maps plugin before version 6.0.27. These flaws allow remote attackers to inject arbitrary web scripts or HTML into the application. Exploitation can occur via the poly_id parameter through actions such as edit_poly, edit_polyline, or edit_marker on the wp-admin/admin.php page. This can lead to unauthorized access and manipulation of user data or site content, severely impacting website integrity and user trust.

References

https://wordpress.org/plugins/wp-google-maps/changelog

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/533699/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/70597

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 22, 2014
Vulnerability Reserved
Sep 25, 2014