Easy Google Maps <= 1.9.31 is vulnerable to Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated

Published
2021-05-23

The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting

CVE

https://www.cve.org/CVERecord?id=CVE-2021-46780

CVSS

Score:4.8

Severity:Medium

Version: 1.9.31

There is a patch available in v1.9.32 and we strongly recommend you update to this version as soon as possible.