6 matches found
EUVD-2020-4971
Malware in sbrugna...
CVE-2020-12077
creationtimestamp| type| source ---|---|--- 2020-05-29 20:46:03+00:00| seen| https://t.me/VulnerabilityNews/14898 2020-05-29 20:55:02+00:00| seen| https://t.me/cibsecurity/12406 2023-09-12 11:00:38+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/9010 2024-08-16...
Design/Logic Flaw
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for...
CVE-2020-12675
The CVE-2020-12675 entry concerns the WordPress plugin mappress-google-maps-for-wordpress, version prior to 2.54.6. Affected component: the plugin’s AJAX-related code (creation/retrieval/deletion of PHP template files) with insufficient capability checks, enabling Remote Code Execution. Root caus...
MapPress Maps < 2.54.6 - Improper Capability Checks in AJAX Calls
Due to incomplete fixes for CVE-2020-12077, an attacker with subscriber privileges may be able to download, delete and upload arbitrary PHP files, which could result in remote command execution...
CVE-2020-12077
The WordPress plugin MapPress Maps for WordPress (mappress-google-maps-for-wordpress) is affected by CVE-2020-12077: versions before 2.53.9 implement AJAX actions without nonce or proper capability checks, enabling Remote Code Execution via admin-ajax.php. Red Hat and NVD entries corroborate the ...