Cross-Site Scripting Vulnerability in Geo Mashup Plugin for WordPress
CVE-2015-1383

Currently unrated

Key Information:

Vendor: Wordpress
Status: Geo Mashup
Vendor: CVE Published:; 2 February 2015

Summary

The Geo Mashup plugin for WordPress contains a cross-site scripting (XSS) vulnerability that enables remote attackers to insert arbitrary web scripts or HTML through the search key in the geo search widget. This flaw, existing in versions prior to 1.8.3, can lead to unauthorized actions being executed on behalf of users, potentially compromising sensitive data or user sessions.

References

http://seclists.org/fulldisclosure/2015/Jan/113

mailing-listx_refsource_FULLDISC

https://wordpress.org/plugins/geo-mashup/changelog/

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2015/01/27/26

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Feb 2, 2015
Vulnerability Reserved
Jan 27, 2015