CVE-2021-36870

Name of the Vulnerable Software and Affected Versions WordPress WP Google Maps plugin versions <= 8.1.12

Description The issue concerns multiple authenticated persistent Cross-Site Scripting (XSS) vulnerabilities. Vulnerable parameters include &dataset name, &wpgmza gdpr retention purpose, &wpgmza gdpr company name, &name #2, &name, &polyname #2, &polyname, and &address.

Recommendations For WordPress WP Google Maps plugin versions <= 8.1.12, update to a version higher than 8.1.12 to resolve the issue. As a temporary workaround, consider restricting access to the parameters &dataset name, &wpgmza gdpr retention purpose, &wpgmza gdpr company name, &name #2, &name, &polyname #2, &polyname, and &address until a patch is available.