CVE-2023-6777

Published: Apr 9, 2024Modified: Apr 8, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Google API key. While this does not affect the security of sites using this plugin, it allows unauthenticated attackers to make requests using this API key with the potential of exhausting requests resulting in an inability to use the map functionality offered by the plugin.

Affected (2)

Products: Codecabin: Wp Go Maps

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Codecabin Wp Go Maps	Before 9.0.35
Codecabin Wp Go Maps	Before 9.0.35

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058300%40wp-google-maps&new=3058300%40wp-google-maps&sfp_email=&sfph_mail=#file673

Source: security@wordfence.com

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/509cccbd-3aa0-45f1-84a0-387d678ebf65?source=cve

Source: security@wordfence.com

Third Party Advisory

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058300%40wp-google-maps&new=3058300%40wp-google-maps&sfp_email=&sfph_mail=#file673

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/509cccbd-3aa0-45f1-84a0-387d678ebf65?source=cve

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.