exploitDog

CVE-2023-6627

Опубликовано: 08 янв. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.

Ссылки

https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54
Exploit
Third Party Advisory
https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:basic:wordpress:*:*

Версия до 9.0.28 (исключая)

EPSS

Процентиль: 78%

0.01157

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-877p-v8mm-jqg9

CVSS3: 6.1

github

около 2 лет назад

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.

EPSS

Процентиль: 78%

0.01157

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79