CVE-2023-5532

CVE-2023-5532 affects the WordPress ImageMapper plugin (versions

CVE-2023-5532

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmapsaveareatitle' function. This makes it possible for unauthenticated attackers to update the post title and...

CVE-2023-5532 ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting via imgmap_save_area_title

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmapsaveareatitle' function. This makes it possible for unauthenticated attackers to update the post title and...

CVE-2023-5507 ImageMapper <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2023-5507

CVE-2023-5507 affects the WordPress ImageMapper plugin (imagemapper) and its shortcode, vulnerable through insufficient input sanitization and output escaping in shortcode attributes. Affected versions are up to 1.2.6. The issue enables stored cross-site scripting (XSS) by authenticated users wit...

CVE-2023-5507 ImageMapper <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2023-5975 ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Plugin Settings Change via ajax

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to update the plugin settings via a forged...

CVE-2023-5975

CVE-2023-5975 : The ImageMapper WordPress plugin (

CVE-2023-5975 ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Plugin Settings Change via ajax

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to update the plugin settings via a forged...

CVE-2023-5506 ImageMapper <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page/Post Deletion via imgmap_delete_area_ajax

The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmapdeleteareaajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVE-2023-5506

CVE-2023-5506 concerns the WordPress ImageMapper plugin. Affected versions are

CVE-2023-5506 ImageMapper <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page/Post Deletion via imgmap_delete_area_ajax

The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmapdeleteareaajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

WordPress ImageMapper Plugin <= 1.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software ImageMapper Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5532 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 3917edf745ee Credits Lana Codes Required...

WordPress Plugin ImageMapper Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin...

WordPress Plugin ImageMapper Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2023-32141 · WordPress · Imagemapper

Name of the Vulnerable Software and Affected Versions: ImageMapper plugin for WordPress versions up to, and including, 1.2.6 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'imagemap' shortcode, allowing authenticated...

WordPress ImageMapper Plugin <= 1.2.6 is vulnerable to Broken Access Control

Software ImageMapper Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5506 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 273249a3fdc4 Credits Lana Codes Required privilege...

WordPress ImageMapper Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software ImageMapper Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5507 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dd6f49b1b90c Credits Lana Codes Required privilege...

PT-2023-32454 · WordPress · Imagemapper

Name of the Vulnerable Software and Affected Versions: ImageMapper plugin for WordPress versions up to, and including, 1.2.6 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on multiple functions. This allows unauthenticated attackers to...

WordPress Plugin ImageMapper Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...