01642 06 11 11 Arrange Call

Unprotected REST API Routes in WP Go Maps Plugin Allow for Malicious HTML/Javascript Injection

CVE-2023-6627 · MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2023-6627

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.

Learn more about our Wordpress Pen Testing.