10Web Map Builder for Google Maps < 1.0.64 - Unauthenticated Stored XSS via Plugin Settings Change



Description
"The vulnerability in 10Web Map Builder exists in the plugin’s setup process. The plugin’s setup functions are called during admin_init which, like Flexible Checkout Fields, is accessible to unauthenticated users. If an attacker injects malicious JavaScript into certain settings values, that code will execute for administrators in their dashboard as well as front-of-site visitors in some circumstances."

Affects Plugin

fixed in version 1.0.64

References

URL https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities/
URL https://plugins.trac.wordpress.org/changeset/2251882/wd-google-maps

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Sean Murphy, QA Lead Matt Rusnak, and QA Engineer Ramuel Gall (Wordfence)
Views 2514
Verified No
WPVDB ID 10099

Timeline

Publicly Published 2020-02-27 (about 1 month ago)
Added 2020-02-28 (about 1 month ago)
Last Updated 2020-02-29 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin