
WordPress Geo Mashup 1.8.2 Cross Site Scripting

Posted on 29 January 2015

Vulnerability title: Wordpress Geo Mashup plugin XSS
Author: Paolo Perego
CVE: CVE-2015-1383
Affected versions: <= 1.8.2
Fixed version: 1.8.3 (January, 11 2015)
Product link: https://wordpress.org/plugins/geo-mashup/

Description

Geo Mashup is a WordPress plugin designed to let you save location information with posts, pages, and other WordPress objects. This information can then be presented on interactive maps in many ways.

Plugin versions before 1.8.3 suffer from a cross-site scripting vulnerability when displaying search results. The search key was not properly sanitized, so an attacker can eventually inject arbitrary JavaScript code.

Fix

People can use the functionality provided by the WordPress backend to upgrade the WordPress Geo Mashup plugin to the latest version.

Paolo

--
$ cd /pub
$ more beer
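
To check an installation against the affected range above, the following added example (not part of the original advisory or the plugin's code) reads the standard WordPress plugin header from a plugin's main PHP file and compares its version with the fixed release 1.8.3. It assumes the header's `Plugin Name` field contains "Geo Mashup"; the sample header is constructed.

```python
import re

FIXED = (1, 8, 3)  # first fixed release, per the advisory

# WordPress plugin headers are "Field: value" lines in a comment block
# at the top of the plugin's main PHP file.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$",
    re.M | re.I,
)

def parse_header(php_source):
    """Return lower-cased header fields found in the first 8 KiB."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(text):
    """'1.8.2' -> (1, 8, 2); '1.8' -> (1, 8, 0); suffixes like '-beta' are dropped."""
    nums = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        nums.append(int(m.group()))
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected(php_source):
    """True: older than 1.8.3. False: 1.8.3 or later. None: not Geo Mashup or no version."""
    fields = parse_header(php_source)
    # Assumption: the plugin identifies itself as "Geo Mashup" in its header.
    if "geo mashup" not in fields.get("plugin name", "").lower():
        return None
    if "version" not in fields:
        return None
    return version_tuple(fields["version"]) < FIXED

# Constructed sample header (not copied from the plugin's real file).
SAMPLE = "<?php\n/*\nPlugin Name: Geo Mashup\nVersion: 1.8.2\n*/\n"

if __name__ == "__main__":
    print("affected" if is_affected(SAMPLE) else "not affected or not Geo Mashup")
```
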

 
