cleantalk
Vulnerabilities and Security Researches

Easy Google Maps, CVE-2021-39346

CVE, Research URL

CVE-2021-39346

Home page URL

Security reports for Easy Google Maps

Application

Easy Google Maps

Published on
Nov 02, 2021
Research Description
The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
Affected versions
Min -, max 1.10.1.
Status
vulnerable
Previous vulnerability researches
Easy Google Maps (CVE-2021-46780) , Jun 07, 2024
Easy Google Maps (CVE-2021-39346) , Jun 07, 2024
Easy Google Maps (CVE-2023-2526) , Jun 07, 2024
Easy Google Maps (CVE-2023-33926) , Jun 07, 2024
Easy Google Maps (CVE-2024-31269) , Jun 07, 2024
New vulnerability
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-3100) , Apr 09, 2025
3DPrint Lite (CVE-2025-3428) , Apr 09, 2025
3DPrint Lite (CVE-2025-3429) , Apr 09, 2025
3DPrint Lite (CVE-2025-3427) , Apr 09, 2025
3DPrint Lite (CVE-2025-3430) , Apr 09, 2025