CVE-2024-29931
Published 2024-03-27
CVE-2024-29931: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPGMaps WP Go Maps wp-google-maps. This issue affects WP…
Priority: P279 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 0.75% (50.4th percentile)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPGMaps WP Go Maps wp-google-maps. This issue affects WP Go Maps: from n/a through <= 9.0.29.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codecabin | wp_go_maps | < 9.0.30 | 9.0.30 |
| wpgmaps | wp_go_maps | <= 9.0.29 | — |
Detection & IOCs (extracted from sources)
yara
```yara
rule CVE_2024_29931_WPGoMaps_XSS
{
    strings:
        $xss = "alert(document.domain)<a"
        $plugin = "wp-google-maps"
    condition:
        // The source listed a bare "and"; require both strings
        $xss and $plugin
}
```
- Look for XSS payloads containing 'alert(document.domain)<a' in requests targeting the WP Go Maps plugin ('wp-google-maps') on WordPress installations running version <= 9.0.29.
- The vulnerability is an Improper Neutralization of Input During Web Page Generation (XSS) affecting WP Go Maps from n/a through version 9.0.29; monitor web requests to wp-google-maps plugin endpoints for unsanitized script injection.
- The YARA/detection rule digest is provided as a rule integrity check; verify the rule matches the digest before deploying: 4a0a004730450221009ddd63089b8dccac714327e884bc3f801bfc777a18849c660d7386063748c37a02206114abcde652db61ef557ce78ddbb43e61a75bb2eb38faa41654f7ef3356281f:922c64590222798bb761d5b6d8e72950
CVSS provenance
nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck · 6.1 MEDIUM
GHSA
GHSA-6cxc-vjp6-ff53: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Go Maps (formerly WP Google Maps) WP Google M
ghsa_unreviewed·2024-03-27
CVE-2024-29931 [HIGH] CWE-79 GHSA-6cxc-vjp6-ff53: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Go Maps (formerly WP Google Maps) WP Google M
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Go Maps (formerly WP Google Maps) WP Google Maps allows Reflected XSS. This issue affects WP Google Maps: from n/a through 9.0.29.
VulnCheck
codecabin wp_go_maps Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2024·CVSS 6.1
CVE-2024-29931 [MEDIUM] codecabin wp_go_maps Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPGMaps WP Go Maps wp-google-maps. This issue affects WP Go Maps: from n/a through <= 9.0.29.
Affected: codecabin wp_go_maps
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/wordpress/plugin/wp-google-maps/vulnerability/wordpress-wp-go-maps-plugin-9-0-29-reflected-cross-site-scripting-xss-vulnerability
No detection rules found.
Nuclei
WP Go Maps <= 9.0.29 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2024-29931 [MEDIUM] WP Go Maps <= 9.0.29 - Cross-Site Scripting
WP Go Maps alert(document.domain)<a", "wp-google-maps")'
condition: and
# digest: 4a0a004730450221009ddd63089b8dccac714327e884bc3f801bfc777a18849c660d7386063748c37a02206114abcde652db61ef557ce78ddbb43e61a75bb2eb38faa41654f7ef3356281f:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
https://patchstack.com/database/Wordpress/Plugin/wp-google-maps/vulnerability/wordpress-wp-go-maps-plugin-9-0-29-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/wp-google-maps/wordpress-wp-go-maps-plugin-9-0-29-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Published: 2024-03-27
Exploited in the wild