CVE-2021-24383:Cross-Site Scripting vulnerability in WP Google Maps WordPress plugin before version 8.1.12

splash
Back

Description Preview

The WP Google Maps WordPress plugin before 8.1.12 contains a stored Cross-Site Scripting (XSS) vulnerability. The plugin fails to properly sanitize, validate, or escape the Map Name when it's displayed in the Map List of the admin dashboard. This allows authenticated users to inject malicious JavaScript code that executes when administrators view the Map List page.

Overview

This vulnerability (CVE-2021-24383) is classified as CWE-79 (Cross-Site Scripting) and affects the WP Google Maps WordPress plugin versions prior to 8.1.12. The issue stems from improper output handling of the Map Name parameter in the admin dashboard's Map List section. An authenticated attacker could create a map with a specially crafted name containing malicious JavaScript code. When an administrator views the list of maps in the dashboard, the injected code would execute within their browser session, potentially allowing the attacker to perform actions with administrator privileges, steal sensitive information, or redirect users to malicious websites.

Remediation

To address this vulnerability, website administrators should:

  1. Update the WP Google Maps plugin to version 8.1.12 or later immediately.
  2. Review existing maps for any suspicious names that might contain JavaScript code.
  3. Implement the principle of least privilege by limiting which users have permissions to create or edit maps.
  4. Consider using a Web Application Firewall (WAF) that can help detect and block XSS attacks.
  5. Regularly audit and update all WordPress plugins to their latest versions.

References

  1. Packet Storm Security Advisory: http://packetstormsecurity.com/files/163261/WordPress-WP-Google-Maps-8.1.11-Cross-Site-Scripting.html
  2. WPScan Vulnerability Database: https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954
  3. Common Weakness Enumeration: CWE-79 (Cross-site Scripting)
  4. Official WordPress Plugin Repository: https://wordpress.org/plugins/wp-google-maps/

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services
    Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services
    Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry Fishing & Hunting
    Agriculture, Forestry Fishing & Hunting
  4. Arts, Entertainment & Recreation
    Arts, Entertainment & Recreation
  5. Construction
    Construction
  6. Educational Services
    Educational Services
  7. Finance and Insurance
    Finance and Insurance
  8. Health Care & Social Assistance
    Health Care & Social Assistance
  9. Information
    Information
  10. Management of Companies & Enterprises
    Management of Companies & Enterprises
  11. Manufacturing
    Manufacturing
  12. Mining
    Mining
  13. Other Services (except Public Administration)
    Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services
    Professional, Scientific, & Technical Services
  15. Public Administration
    Public Administration
  16. Real Estate Rental & Leasing
    Real Estate Rental & Leasing
  17. Retail Trade
    Retail Trade
  18. Transportation & Warehousing
    Transportation & Warehousing
  19. Utilities
    Utilities
  20. Wholesale Trade
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background