ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Google Maps Plugin <= 6.0.26 - Multiple XSS

Product
WP Google Maps
Description
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "poly_id" parameter.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2014-7182
Versions
Affected In <= 6.0.26
Fixed In 6.0.27
Disclosure date
2014-09-25
Credits
High-Tech Bridge