Cross-Site Scripting Vulnerability in Easy2Map Plugin for WordPress
CVE-2015-7668

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Easy2map
Vendor
CVE Published:
27 December 2017

Summary

The Easy2Map plugin for WordPress contains a cross-site scripting vulnerability due to insufficient validation of the map_id parameter in the 'includes/MapPinImageSave.php' file. This flaw enables remote attackers to inject malicious web scripts or HTML, which could compromise user data and interactions on affected websites. Users are advised to upgrade to the latest version to mitigate this risk.

References

https://wpvulndb.com/vulnerabilities/8205
x_refsource_MISC
https://wordpress.org/plugins/easy2map/#developers
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/536598/100/0/threaded
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.