CVE-2021-24383

MEDIUM

Codecabin WP GO Maps < 8.1.12 - XSS

Title source: rule

Description

The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue

Exploits (1)

exploitdb WORKING POC

by Mohammed Adam · textwebappsphp

https://www.exploit-db.com/exploits/50051

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/163261/WordPress-WP-Google-Maps-8.1.11-Cross-Site-Scripting.html

Scores

CVSS v3 5.4

EPSS 0.0087

EPSS Percentile 75.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

codecabin/wp_go_maps < 8.1.12

Published Jun 21, 2021

Tracked Since Feb 18, 2026