WordPress Google Map Professional (Map In Your Language) plugin through 1.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires victim to load a maliciously crafted URL. [已公开] id: CVE-2024-13220 info: name: WordPress Google Map Professional - Cross-Site Scripting author: Sourabh-Sahu severity: medium description: | WordPress Google Map Professional (Map In Your Language) plugin through 1.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires victim to load a maliciously crafted URL. impact: | Attackers can execute arbitrary scripts in the context of high privilege users, potentially leading to account compromise or session hijacking. remediation: | Update to the latest version of the plugin where the issue is fixed or implement proper sanitization and escaping measures. reference: - https://wps

未知