CVE-2023-6777
WP Go Maps (formerly WP Google Maps) <= 9.0.34 - Information Exposure to Potential Denial of Service
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Google API key. While this does not affect the security of sites using this plugin, it allows unauthenticated attackers to make requests using this API key with the potential of exhausting requests resulting in an inability to use the map functionality offered by the plugin.
| CWE | CWE-200 |
| Vendor | wpgmaps |
| Product | wp go maps (formerly wp google maps) |
| Published | Apr 9, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for wpgmaps wp go maps (formerly wp google maps)
Be the first to know when new medium vulnerabilities affecting wpgmaps wp go maps (formerly wp google maps) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
wpgmaps / WP Go Maps (formerly WP Google Maps)
0 โค 9.0.34
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/509cccbd-3aa0-45f1-84a0-387d678ebf65?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058300%40wp-google-maps&new=3058300%40wp-google-maps&sfp_email=&sfph_mail=#file673
Credits
Hassan Khan Yusufzai - Splint3r7 Danish Tariq