wp-plugin : google-maps-in-posts – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : google-maps-in-posts


Effected Version : 1.5.3 (and most probably lower version's if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Anant Shrivastava



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :



Vulnerable Parameter : icon


Type of XSS : Reflected


Disclosure Timeline


Vendor Contacted : 2014-01-05

Plugin Status : Closed
Public Disclosure : July 7, 2014
CVE Number : Not assigned yet

Plugin Description :
Google Maps in Posts plugin for WordPress gives possibility to use Google Maps Services in your blog.
That could be useful for posts in WP, describing certain locations or events,
to indicate them immediately in the WP post with a map. The Google Maps Plugin
gives you a simple and easy Worpress administration back end to handle multiple
locations and your own location would be defined only once for all the maps of your WP blog.

Leave a Reply

Your email address will not be published. Required fields are marked *