Skip to main content

Mappress Maps For Wordpress

2 CVEs product

Monthly

CVE-2024-0421 MEDIUM POC This Month

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Mappress Maps For Wordpress
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-0420 MEDIUM POC This Month

The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mappress Maps For Wordpress
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
EPSS 1% CVSS 5.3
MEDIUM POC This Month

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Mappress Maps For Wordpress
NVD WPScan
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mappress Maps For Wordpress
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy