WordPress WP Google Maps Pro premium plugin <= 8.1.11 - Multiple Authenticated Persistent XSS vulnerabilities
CVE-2021-36871
5.5MEDIUM
Summary
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.
Affected Version(s)
WP Google Maps Pro 8.1.11
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Original researcher - Vlad Visse (Patchstack Red Team)