CVE-2021-24383

MEDIUM

WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting in Map List

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-24383. PoCs published by Mohammed Adam.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in WordPress Plugin WP Google Maps 8.1.11. The attacker can inject malicious JavaScript code into the Map Name field, which executes when viewing the Map List.

Description

The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.

Exploits (1)

exploitdb WORKING POC
by Mohammed Adam · text · webapps · php
https://www.exploit-db.com/exploits/50051


Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin WP Google Maps 8.1.11
Auth required
Prerequisites: Access to WordPress admin panel · Ability to edit a map
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory x_refsource_confirm
https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954

Scores

CVSS v3: 5.4
EPSS: 0.0234
EPSS Percentile: 81.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): codecabin/wp_go_maps < 8.1.12
Published: Jun 21, 2021
Tracked Since: Feb 18, 2026