CVE-2024-22297: 
WordPress vulnerability analysis and mitigation

The CVE-2024-22297 is a Stored Cross-Site Scripting (XSS) vulnerability discovered in the Codeboxr CBX Map for Google Map & OpenStreetMap WordPress plugin, affecting versions up to 1.1.11. The vulnerability was discovered by Ngô Thiên An (ancorn_) and was publicly disclosed on January 17, 2024 (Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 base score of 5.4 (Medium) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Patchstack assigned a slightly higher CVSS score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability allows authenticated attackers with contributor-level access or above to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an injected page, potentially leading to unauthorized actions, data theft, or other malicious activities (WPScan).

The vulnerability has been fixed in version 1.1.12 of the CBX Map for Google Map & OpenStreetMap plugin. Users are advised to update to this version or later to remediate the security issue (Patchstack).