91 matches found
CVE-2023-7225 MapPress <= 2.88.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Settings
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2024-15236 · WordPress · Mappress Maps
Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions up to, and including, 2.88.16 Description: The issue is related to Stored Cross-Site Scripting via the width and height parameters due to insufficient input sanitization and output escaping. This allows...
MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS
Description The plugin does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks PoC As a contributor, create/edit a map with the below payload as title and attach it to a post ca...
MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure
Description The plugin does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. The fix made in 2.88.15 is not sufficient as it still allowed any authenticated users, such s subscriber to read arbitrary...
CVE-2023-6524
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...
CVE-2023-6524 MapPress Maps for WordPress <= 2.88.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...
CVE-2023-6524 MapPress Maps for WordPress <= 2.88.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...
WordPress Plugin MapPress Maps for WordPress Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-14992 · WordPress · Mappress Maps
Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions up to and including 2.88.13 Description: The issue is related to Stored Cross-Site Scripting via the map title parameter due to insufficient input sanitization and output escaping. This allows authenticate...
The vulnerability of the MapPress Maps plugin in the WordPress content management system allows a hacker to execute XSS attacks.
The vulnerability of the MapPress Maps plugin for the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the MapPress Maps plugin in the WordPress content management system allows a hacker to execute XSS attacks.
The vulnerability of the MapPress Maps plugin for the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
CVE-2023-26015
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection.This issue affects MapPress Maps for WordPress: from n/a through 2.85.4...
CVE-2023-26015 WordPress MapPress Maps for WordPress plugin <= 2.85.4 - Authenticated SQL Injection vulnerability
A vulnerability in chrisvrichardson MapPress Maps for WordPress mappress-google-maps-for-wordpress.This issue affects MapPress Maps for WordPress: from n/a through = 2.85.4...
CVE-2023-26015
CVE-2023-26015 pertains to the WordPress MapPress Maps for WordPress plugin (
WordPress Plugin MapPress Maps for WordPress SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin MapPress...
PT-2023-20427 · WordPress · Mappress Maps
Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions through 2.85.4 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
CVE-2023-4840
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-4840 MapPress Maps for WordPress <= 2.88.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin MapPress Maps for WordPress Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2023-30820 · WordPress · Mappress Maps
Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions up to, and including, 2.88.4 Description: The issue is related to Stored Cross-Site Scripting via the mappress shortcode due to insufficient input sanitization and output escaping on user-supplied...