CVE-2023-23864 - Very Simple Google Maps <= 2.8.4 Contributor+ Cross Site Scripting

less than 1 minute read

CVE-2023-23864

Researcher

This vulnerability was discovered by @yuyudhn.

Description

yuyudhn discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Very Simple Google Maps Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.9.

Details

Detail about software affected by CVE-2023-23864.

Parameter	Description
Software	Very Simple Google Maps
Type	WordPress Plugin
Developer	Michael Aronoff
Plugin URL	https://wordpress.org/plugins/very-simple-google-maps/
Vulnerable Version	<= 2.8.4
Classification	Cross Site Scripting (XSS)
Required privilege	Contributor
Publicly disclosed	20.01.2023

Proof of Concept

Not published yet.

References

CVE-2023-23864 - Patchstack
https://www.cve.org/CVERecord?id=CVE-2023-23864

Share on

Twitter Facebook LinkedIn

Yudha P.