Google Distance Calculator allows hackers to inject malicious code in browser

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Google Distance Calculator allows hackers to inject malicious code in browser

CVE-2026-39674

Summary

The Google Distance Calculator, a tool used to calculate distances between locations, has a security issue that allows hackers to inject malicious code into users' browsers. This can potentially allow hackers to steal sensitive information or take control of users' accounts. Users should update the tool to the latest version (3.1.2 or higher) to protect against this vulnerability.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue aff...

Original description

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Plugin/google-distance-calculator/vuln...

Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026