CVE-2023-6777

Name of the Vulnerable Software and Affected Versions WP Go Maps plugin for WordPress versions up to, and including, 9.0.34

Description The issue allows unauthenticated attackers to obtain the developer's Google API key due to the plugin adding the API key to several plugin files. This does not directly affect the security of sites using the plugin but enables attackers to make requests using the API key, potentially exhausting requests and resulting in an inability to use the map functionality.

Recommendations For versions up to, and including, 9.0.34, update to a version later than 9.0.34 to prevent unauthenticated API key disclosure. As a temporary workaround, consider restricting access to the plugin files that contain the API key to minimize the risk of exploitation.