Cross-Site Scripting Vulnerability in wp-google-maps Plugin for WordPress
CVE-2019-9912

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
WP Go Maps
Vendor
CVE Published:
22 March 2019

Summary

The wp-google-maps plugin prior to version 7.10.43 for WordPress contains a Cross-Site Scripting (XSS) vulnerability. This security flaw can be exploited via the wp-admin/admin.php PATH_INFO, allowing attackers to inject malicious scripts into the webpage context, potentially compromising user data and session integrity. Users are advised to update to the latest version to mitigate this risk.

References

https://lists.openwall.net/full-disclosure/2019/02/05/13
x_refsource_MISC
https://security-consulting.icu/blog/2019/02/wordpress-wp...
x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Mar/41
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.