CVE-2021-36871

Name of the Vulnerable Software and Affected Versions WordPress WP Google Maps Pro premium plugin versions <= 8.1.11

Description The issue concerns multiple authenticated persistent Cross-Site Scripting (XSS) vulnerabilities. Vulnerable parameters include &wpgmaps marker category name, &attributes[] (for both Value and Name), &icons[], &names[], &description, &link, and &title.

Recommendations For WordPress WP Google Maps Pro premium plugin versions <= 8.1.11, update to a version higher than 8.1.11 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters until a patch is available. Avoid using the parameters &wpgmaps marker category name, &attributes[], &icons[], &names[], &description, &link, and &title in the affected plugin until the issue is resolved.