CVE-2021-24502

CVE-2021-24502: WP Google Map < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS)

Vendor Unknown

Product Maps Plugin using Google Maps for WordPress – WP Google Map

Weakness CWE-79 · XSS

Published August 9, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed

Key dates

02Disclosure timeline

August 9, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24502 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-57966 WordPress Gallery Lightbox plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability CVE-2025-53455 WordPress CashBill.pl – Płatności WooCommerce Plugin <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability CVE-2023-47877 WordPress Perfmatters Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS) CVE-2025-11883 Responsive Progress Bar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-51883 WordPress I Plant A Tree plugin <= 1.7.4 - Stored Cross Site Scripting (XSS) vulnerability