CVE-2017-17744
First published: Tue Dec 19 2017(Updated: )
A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webdesi9 Custom Map | <=1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-17744?
CVE-2017-17744 is a cross-site scripting (XSS) vulnerability in the custom-map plugin for WordPress.
How does CVE-2017-17744 affect WordPress?
CVE-2017-17744 allows remote attackers to inject arbitrary web script or HTML into WordPress through the custom-map plugin.
What is the severity level of CVE-2017-17744?
CVE-2017-17744 has a medium severity level with a severity value of 6.1.
How can I fix CVE-2017-17744?
To fix CVE-2017-17744, update the custom-map plugin to version 1.2 or higher.
Where can I find more information about CVE-2017-17744?
You can find more information about CVE-2017-17744 at the following references: [1] http://seclists.org/fulldisclosure/2017/Dec/72 [2] https://wpvulndb.com/vulnerabilities/8982
- collector/nvd-index
- vendor/webdesi9
- product/custom map
- canonical/webdesi9 custom map