CVE-2023-6697
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
We have discovered 21,260 live websites that are affected by CVE-2023-6697.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 21,260 live websites (42.47% of WP Go Maps install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 352 versions ( 93.12% of all versions) |
Details
- Published - Jan 24, 2024
- Updated - Aug 2, 2024
Credits
- Nex Team (finder)
CVE References
CVE-2023-6697 usage by Country
 United States | 6,100 websites |
 Germany | 2,982 websites |
 France | 1,860 websites |
 Poland | 1,215 websites |
 GB | 1,099 websites |
 Netherlands | 719 websites |
 Italy | 717 websites |
 Spain | 479 websites |
 Switzerland | 449 websites |
 Australia | 443 websites |
CVE-2023-6697 usage by TLD
| .com | 7,726 websites |
| .de | 1,747 websites |
| .pl | 1,011 websites |
| .co.uk | 939 websites |
| .fr | 872 websites |
| .org | 732 websites |
| .nl | 705 websites |
| .it | 584 websites |
| .com.au | 504 websites |
| .ch | 405 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-6697
Top websites that are affected by CVE-2023-6697. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********************.com | United States | **,*** | |
| ******.net | United States | **,*** | |
| **********.com | United States | **,*** | |
| ********.org | United States | **,*** | |
| ***************.com | United States | **,*** | |
| **************.org | United States | ***,*** | |
| *********************.net | United States | ***,*** | |
| ******.**.edu | United States | ***,*** | |
| ******.eu | Poland | ***,*** | |
| ********.io | United States | ***,*** |
FAQ
A total of 21,260 websites have been identified as vulnerable to CVE-2023-6697, discovered through global website indexing conducted by WebTechSurvey.
WP Go Maps is susceptible to CVE-2023-6697 vulnerability.
WP Go Maps versions before, and including, 9.0.28 are vulnerable to CVE-2023-6697.