Unauthenticated API Key Disclosure in WP Go Maps Plugin by WordPress
CVE-2023-6777

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Go Maps (formerly WP Google Maps)
Vendor: CVE Published:; 9 April 2024

What is CVE-2023-6777?

The WP Go Maps plugin for WordPress contains a vulnerability that allows unauthenticated users to access the developer's Google API key. This weakness exists in versions up to and including 9.0.34 as the plugin improperly exposes the API key in multiple plugin files. Although the security of individual sites relying on this plugin is not compromised, attackers may leverage this exposure to make excessive requests using the key, potentially depleting its usage quota. This could lead to the disruption of the map functionality provided by the plugin, thereby impacting user experience.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WP Go Maps (formerly WP Google Maps) * <= 9.0.34

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Dec 13, 2023

Credit

Hassan Khan Yusufzai

Danish Tariq

JSON

Wordpress

What is CVE-2023-6777?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.