CVE-2014-4587 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl (2) mt or (3) dc parameter to guest-locator.php; the (4) zl (5) mt (6) activate or (7) dc parameter to online-tracker.php; the (8) zl (9) mt or (10) dc parameter to stats-map.php; or the (11) zl (12) mt (13) activate or (14) dc parameter to weather-map.php.

Reference

http://codevigilant.com/disclosure/wp-plugin-wp-guestmap-a3-cross-site-scripting-xss http://www.securityfocus.com/bid/68403