CVE-2023-6777
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Google API key. While this does not affect the security of sites using this plugin, it allows unauthenticated attackers to make requests using this API key with the potential of exhausting requests resulting in an inability to use the map functionality offered by the plugin.
We have discovered 24,131 live websites that are affected by CVE-2023-6777.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 24,131 live websites (48.21% of WP Go Maps install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 358 versions ( 94.71% of all versions) |
Details
- Published - Apr 9, 2024
- Updated - Aug 8, 2024
Credits
- Hassan Khan Yusufzai (finder)
- Danish Tariq (finder)
CVE References
CVE-2023-6777 usage by Country
 United States | 7,100 websites |
 Germany | 3,461 websites |
 France | 2,059 websites |
 Poland | 1,335 websites |
 GB | 1,265 websites |
 Netherlands | 809 websites |
 Italy | 787 websites |
 Switzerland | 555 websites |
 Spain | 520 websites |
 Australia | 475 websites |
CVE-2023-6777 usage by TLD
| .com | 8,762 websites |
| .de | 2,063 websites |
| .pl | 1,102 websites |
| .co.uk | 1,095 websites |
| .fr | 970 websites |
| .org | 879 websites |
| .nl | 793 websites |
| .it | 645 websites |
| .com.au | 549 websites |
| .ch | 508 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-6777
Top websites that are affected by CVE-2023-6777. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.de | Germany | *,*** | |
| ***********************.com | United States | **,*** | |
| ******.net | United States | **,*** | |
| **********.com | United States | **,*** | |
| ********.org | United States | **,*** | |
| ***************.com | United States | **,*** | |
| ***********.com | United States | ***,*** | |
| **************.org | United States | ***,*** | |
| ******************.es | Spain | ***,*** | |
| *******.org | GB | ***,*** |
FAQ
A total of 24,131 websites have been identified as vulnerable to CVE-2023-6777, discovered through global website indexing conducted by WebTechSurvey.
WP Go Maps is susceptible to CVE-2023-6777 vulnerability.
WP Go Maps versions before, and including, 9.0.34 are vulnerable to CVE-2023-6777.