Lucene search
+L

91 matches found

Vulnrichment
Vulnrichment
added 2024/01/30 7:34 a.m.3 views

CVE-2023-7225 MapPress <= 2.88.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Settings

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.8AI score0.00491EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2024/01/30 12:0 a.m.8 views

PT-2024-15236 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions up to, and including, 2.88.16 Description: The issue is related to Stored Cross-Site Scripting via the width and height parameters due to insufficient input sanitization and output escaping. This allows...

6.4CVSS8.4AI score0.00491EPSS
Exploits2References10
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.30 views

MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks PoC As a contributor, create/edit a map with the below payload as title and attach it to a post ca...

5.2AI score0.00462EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2024/01/17 12:0 a.m.386 views

MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure

Description The plugin does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. The fix made in 2.88.15 is not sufficient as it still allowed any authenticated users, such s subscriber to read arbitrary...

6.7AI score0.00568EPSS
Exploits2
OSV
OSV
added 2024/01/03 6:15 a.m.9 views

CVE-2023-6524

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

5.4CVSS6AI score0.00547EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2024/01/03 5:31 a.m.7 views

CVE-2023-6524 MapPress Maps for WordPress <= 2.88.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

6.4CVSS6.8AI score0.00547EPSS
Exploits2References3
Cvelist
Cvelist
added 2024/01/03 5:31 a.m.23 views

CVE-2023-6524 MapPress Maps for WordPress <= 2.88.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

6.4CVSS5.9AI score0.00547EPSS
Exploits2References3
CNNVD
CNNVD
added 2024/01/03 12:0 a.m.7 views

WordPress Plugin MapPress Maps for WordPress Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6.1AI score0.00547EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2024/01/02 12:0 a.m.11 views

PT-2024-14992 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions up to and including 2.88.13 Description: The issue is related to Stored Cross-Site Scripting via the map title parameter due to insufficient input sanitization and output escaping. This allows authenticate...

6.4CVSS5.7AI score0.00547EPSS
Exploits2References10
BDU FSTEC
BDU FSTEC
added 2023/11/15 12:0 a.m.7 views

The vulnerability of the MapPress Maps plugin in the WordPress content management system allows a hacker to execute XSS attacks.

The vulnerability of the MapPress Maps plugin for the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4CVSS6.2AI score0.02291EPSS
Exploits2References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/15 12:0 a.m.10 views

The vulnerability of the MapPress Maps plugin in the WordPress content management system allows a hacker to execute XSS attacks.

The vulnerability of the MapPress Maps plugin for the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4CVSS6.2AI score0.02038EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2023/11/03 1:15 p.m.3 views

CVE-2023-26015

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection.This issue affects MapPress Maps for WordPress: from n/a through 2.85.4...

9.8CVSS7.3AI score0.00734EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/03 12:40 p.m.11 views

CVE-2023-26015 WordPress MapPress Maps for WordPress plugin <= 2.85.4 - Authenticated SQL Injection vulnerability

A vulnerability in chrisvrichardson MapPress Maps for WordPress mappress-google-maps-for-wordpress.This issue affects MapPress Maps for WordPress: from n/a through = 2.85.4...

7.1CVSS8.6AI score0.00734EPSS
Exploits0References1
CVE
CVE
added 2023/11/03 12:40 p.m.114 views

CVE-2023-26015

CVE-2023-26015 pertains to the WordPress MapPress Maps for WordPress plugin (

9.8CVSS8.9AI score0.00734EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/11/03 12:0 a.m.6 views

WordPress Plugin MapPress Maps for WordPress SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin MapPress...

9.8CVSS7.6AI score0.00734EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/03 12:0 a.m.7 views

PT-2023-20427 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions through 2.85.4 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

9.8CVSS9.9AI score0.00734EPSS
Exploits0References6
OSV
OSV
added 2023/09/12 2:15 a.m.5 views

CVE-2023-4840

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS7AI score0.00467EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/09/12 1:52 a.m.15 views

CVE-2023-4840 MapPress Maps for WordPress <= 2.88.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6.8AI score0.00467EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/12 12:0 a.m.8 views

WordPress plugin MapPress Maps for WordPress Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.4CVSS6AI score0.00467EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/09/11 12:0 a.m.8 views

PT-2023-30820 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions up to, and including, 2.88.4 Description: The issue is related to Stored Cross-Site Scripting via the mappress shortcode due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS6.3AI score0.00467EPSS
Exploits0References9
Rows per page
Query Builder