CVE-2024-10592 PoC — Mapster WP Maps <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Source

https://github.com/windz3r0day/CVE-2024-10592

Associated Vulnerability

Title:Mapster WP Maps <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting (CVE-2024-10592)
Description:The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Description

CVE-2024-10592 poc exploit

Readme

# CVE-2024-10592
CVE-2024-10592 poc exploit.
For post-exploitation, you can use beef-xss.

The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

File Snapshot


 [4.0K]  /data/pocs/e9a4711b3670128448e15650e6a2ecdcb94e8773
├── [4.0K]  CVE-2024-10592
│   ├── [ 269]  CVE-2024-10592.txt
│   ├── [ 51K]  how use.png
│   └── [108K]  xss alert.png
└── [ 506]  README.md

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!