CVE-2021-36871

Опубликовано: 09 сент. 2021

Источник: nvd

CVSS3: 5.5

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.

Ссылки

https://patchstack.com/database/vulnerability/wp-google-maps-pro/wordpress-wp-google-maps-pro-premium-plugin-8-1-11-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities
Third Party Advisory
https://www.wpgmaps.com/documentation/pro-changelog/
Release Notes
Vendor Advisory
https://patchstack.com/database/vulnerability/wp-google-maps-pro/wordpress-wp-google-maps-pro-premium-plugin-8-1-11-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities
Third Party Advisory
https://www.wpgmaps.com/documentation/pro-changelog/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:pro:wordpress:*:*

Версия до 8.1.11 (включая)

EPSS

Процентиль: 63%

0.00443

Низкий

5.5 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-gxcf-q4pg-ghgr

CVSS3: 5.4

github

больше 3 лет назад

EPSS

Процентиль: 63%

0.00443

Низкий

5.5 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79