cleantalk
Vulnerabilities and Security Researches

Easy Google Maps, CVE-2024-5219

CVE, Research URL

CVE-2024-5219

Home page URL

Security reports for Easy Google Maps

Application

Easy Google Maps

Published on
Jul 02, 2024
Research Description
The Easy Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 1.11.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.11.16.
Status
vulnerable
Previous vulnerability researches
Easy Google Maps (CVE-2021-46780) , Jun 07, 2024
Easy Google Maps (CVE-2021-39346) , Jun 07, 2024
Easy Google Maps (CVE-2023-2526) , Jun 07, 2024
Easy Google Maps (CVE-2023-33926) , Jun 07, 2024
Easy Google Maps (CVE-2024-31269) , Jun 07, 2024
New vulnerability
Lock Your Updates Plugins/Themes Manager (CVE-2025-32537) , Apr 13, 2025
Neon Product Designer (CVE-2025-32565) , Apr 13, 2025
Flexi – Guest Submit (CVE-2025-32589) , Apr 13, 2025
Interactive Geo Maps (CVE-2025-32525) , Apr 13, 2025
Twispay Credit Card Payments (CVE-2025-32601) , Apr 13, 2025