
170 matches found

Cvelist
added 2023/09/12 1:52 a.m., 19 views

CVE-2023-4840 MapPress Maps for WordPress <= 2.88.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, AI score 5.8, EPSS 0.00467
Exploits: 0, References: 3

Vulnrichment
added 2023/09/12 1:52 a.m., 10 views

CVE-2023-4840 MapPress Maps for WordPress <= 2.88.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, AI score 6.8, EPSS 0.00467
Exploits: 0, References: 3

CVE
added 2023/09/12 1:52 a.m., 98 views

CVE-2023-4840

MapPress Maps for WordPress (a WordPress plugin) has a stored XSS in the mappress shortcode for versions up to 2.88.4 caused by insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires an authenticated attacker with contributor-level permissions or hi...

CVSS 6.4, AI score 5.3, EPSS 0.00467
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2023/09/12 12:0 a.m., 5 views

WordPress plugin MapPress Maps for WordPress Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVSS 6.4, AI score 6, EPSS 0.00467
Exploits: 0, References: 4

WPVulnDB
added 2023/09/12 12:0 a.m., 9 views

MapPress Maps for WordPress < 2.88.5 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 6.4, AI score 5.6, EPSS 0.00467
Exploits: 0, Affected Software: 1

Patchstack
added 2023/09/11 12:0 a.m., 18 views

WordPress MapPress Maps for WordPress Plugin <= 2.88.4 is vulnerable to Cross Site Scripting (XSS)

Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: <= 2.88.4; Fixed in: 2.88.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4840; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 4fb9c1035c4b; Credits: Lana Codes...

CVSS 6.4, AI score 6.1, EPSS 0.00467
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2023/09/11 12:0 a.m., 4 views

PT-2023-30820 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions up to, and including, 2.88.4. Description: The issue is related to Stored Cross-Site Scripting via the mappress shortcode due to insufficient input sanitization and output escaping on user-supplied...

CVSS 6.4, AI score 6.3, EPSS 0.00467
Exploits: 0, References: 9

Patchstack
added 2023/04/06 12:0 a.m., 17 views

WordPress MapPress Maps for WordPress Plugin <= 2.85.4 is vulnerable to SQL Injection

Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: <= 2.85.4; Fixed in: 2.85.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-26015; Patch priority: Low; CVSS severity: Low (7.1); Developer: Claim ownership; PSID: dfda53627d56; Credits: Rafie Muhammad Patchstack Required...

CVSS 9.8, AI score 7.3, EPSS 0.00734
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2022/04/07 12:0 a.m., 23 views

WordPress MapPress Maps plugin authorization problem vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. WordPress plugin is an open source WordPress application plugin. WordPress MapPress Maps plugin has an authorization problem vulnerability that stems from a lack of authentication measures or...

CVSS 6.5, AI score 1.5, EPSS 0.01502
Exploits: 2, Affected Software: 1

OSV
added 2022/04/04 4:15 p.m., 1 views

CVE-2022-0537

The MapPress Maps for WordPress plugin before 2.73.13 allows a high-privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current theme's stylesheet directory, and a .php...

CVSS 7.2, AI score 5.7, EPSS 0.01502
Exploits: 2, References: 1

ATTACKERKB
added 2022/04/04 4:15 p.m., 4 views

CVE-2022-0537

The MapPress Maps for WordPress plugin before 2.73.13 allows a high-privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current theme's stylesheet directory, and a .php...

CVSS 7.2, AI score 7, EPSS 0.01502
Exploits: 2, References: 2

NVD
added 2022/04/04 4:15 p.m., 23 views

CVE-2022-0537

The MapPress Maps for WordPress plugin before 2.73.13 allows a high-privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current theme's stylesheet directory, and a .php...

CVSS 7.2, EPSS 0.01502
Exploits: 2, References: 1

Prion
added 2022/04/04 4:15 p.m., 14 views

Design/Logic Flaw

The MapPress Maps for WordPress plugin before 2.73.13 allows a high-privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current theme's stylesheet directory, and a .php...

CVSS 6.5, AI score 7, EPSS 0.01502
Exploits: 2, References: 1, Affected Software: 1

Cvelist
added 2022/04/04 3:35 p.m., 23 views

CVE-2022-0537 MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution

The MapPress Maps for WordPress plugin before 2.73.13 allows a high-privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current theme's stylesheet directory, and a .php...

AI score 7.1, EPSS 0.01502
Exploits: 2, References: 1

CVE
added 2022/04/04 3:35 p.m., 84 views

CVE-2022-0537

CVE-2022-0537 affects MapPress Maps for WordPress before 2.73.13. A high-privileged user can bypass DISALLOW_FILE_EDIT/DISALLOW_FILE_MODS and upload arbitrary files via the ajax_save function. The uploaded file is written relative to the current theme/stylesheet directory and given a .php extensi...

CVSS 7.2, AI score 6.9, EPSS 0.01502
Exploits: 2, References: 1, Affected Software: 1

Positive Technologies
added 2022/04/04 12:0 a.m., 6 views

PT-2022-13248 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions prior to 2.73.13. Description: The issue allows a high-privileged user to bypass certain security settings and upload arbitrary files to the site through the ajax save function. The file is written relative...

CVSS 7.2, AI score 7.3, EPSS 0.01502
Exploits: 2, References: 4

CNNVD
added 2022/04/04 12:0 a.m., 21 views

WordPress plugin MapPress Maps code issue vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. WordPress plugin is an open source WordPress application plugin. WordPress MapPress Maps plugin has an authorization problem vulnerability that stems from a lack of authentication measures or...

CVSS 7.2, AI score 5.8, EPSS 0.01502
Exploits: 2, References: 2

WPVulnDB
added 2022/03/14 12:0 a.m., 27 views

MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution

The plugin allows a high-privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current theme's stylesheet directory, and a .php file extension is added. No validation...

CVSS 7.2, AI score 6.9, EPSS 0.01502
Exploits: 2, Affected Software: 1

Patchstack
added 2022/03/14 12:0 a.m., 20 views

WordPress MapPress Maps for WordPress plugin <= 2.73.12 - Admin+ File Upload leading to Remote Code Execution vulnerability

Admin+ File Upload leading to Remote Code Execution vulnerability discovered by qerogram in WordPress MapPress Maps for WordPress plugin versions <= 2.73.12. Solution: Update the WordPress MapPress Maps for WordPress plugin to the latest available version (at least 2.73.13)...

CVSS 7.2, AI score 3.8, EPSS 0.01502
Exploits: 2, References: 3, Affected Software: 1

wpexploit
added 2022/03/14 12:0 a.m., 113 views

MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution

The plugin allows a high-privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current theme's stylesheet directory, and a .php file extension is added. No validation...

CVSS 7.2, AI score 0.6, EPSS 0.01502
Exploits: 2