CVE-2021-46780: 
WordPress vulnerability analysis and mitigation

The Easy Google Maps WordPress plugin versions before 1.9.32 contains a Reflected Cross-Site Scripting (XSS) vulnerability, identified as CVE-2021-46780. The vulnerability was publicly disclosed on May 24, 2021, and was discovered by security researcher 0xB9. This security flaw affects the plugin's admin dashboard functionality (WPScan).

The vulnerability stems from improper input validation where the plugin fails to properly escape the 'tab' parameter before outputting it back in an attribute in the admin dashboard. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The issue is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

If exploited, this vulnerability could allow attackers to execute arbitrary JavaScript code in the context of the admin dashboard. This could potentially lead to the compromise of sensitive information or manipulation of admin dashboard functionality (WPScan).

The vulnerability has been fixed in version 1.9.32 of the Easy Google Maps plugin. Users are strongly advised to update to this version or later to mitigate the risk (WPScan).