CVE-2022-2424

CVE-2022-2424: Google Maps Anywhere <= 1.2.6.3 - Admin+ Stored Cross-Site Scripting

Vendor Unknown
Product Google Maps Anywhere
Weakness CWE-79 · XSS
Published August 8, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

Key dates

02Disclosure timeline

August 8, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-4578 code-projects Exam Form Submission update_s3.php cross site scripting CVE-2024-45460 WordPress Flipping Cards plugin <= 1.30 - Cross Site Scripting (XSS) vulnerability CVE-2025-26922 WordPress AuraMart theme <= 2.0.7 - Cross Site Scripting (XSS) vulnerability CVE-2024-10342 League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-49157 WordPress Multiple Post Passwords Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)