170 matches found
WordPress MapPress Maps plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress MapPress Maps plugin prior to 2.73.4. The vulnerability stems from the fact that the MapPress Maps plugin does not...
CVE-2022-0208
The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting...
CVE-2022-0208
The WordPress MapPress Maps plugin is affected: pre-2.73.4 versions do not sanitize/escape the mapid parameter in the Bad mapid error, enabling reflected XSS. Impact: injected scripts could run in users’ browsers when viewing affected pages. Affected component: MapPress Maps for WordPress (WordPr...
CVE-2022-0208 MapPress Maps for WordPress < 2.73.4 - Reflected Cross-Site scripting
The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting...
WordPress cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress MapPress Maps plugin prior to 2.73.4. The vulnerability stems from the fact that the MapPress Maps plugin does not...
WordPress MapPress Maps for WordPress plugin <= 2.73.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress MapPress Maps for WordPress plugin (versions <= 2.73.3). Solution: Update the WordPress MapPress Maps for WordPress plugin to the latest available version (at least 2.73.4)...
MapPress Maps for WordPress < 2.73.4 - Reflected Cross-Site scripting
The plugin does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting. https://example.com/?mappiframe=1&mapid=--%3E%3Cimg%20src%20onerror=alert/XSS/%3E...
MapPress Maps for WordPress < 2.73.4 - Reflected Cross-Site scripting
The plugin does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting. PoC: https://example.com/?mappiframe=1=--%3E%3Cimg%20src%20onerror=alert/XSS/%3E...
WordPress MapPress Plugin < 2.54.6 RCE Vulnerability
WordPress mappress-google-maps-for-wordpress code issue vulnerability (CNVD-2020-35726)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. mappress-google-maps-for-wordpress is an interactive maps plugin used in it. A code issue vulnerability exists in WordPress...
CVE-2020-12675
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for...
Design/Logic Flaw
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for...
CVE-2020-12675
The CVE-2020-12675 entry concerns the WordPress plugin mappress-google-maps-for-wordpress, versions prior to 2.54.6. Affected component: the plugin’s AJAX-related code (creation/retrieval/deletion of PHP template files) with insufficient capability checks, enabling Remote Code Execution. Root caus...
PT-2020-13196 · WordPress · Mappress-Google-Maps-For-Wordpress
Name of the Vulnerable Software and Affected Versions: mappress-google-maps-for-wordpress plugin versions prior to 2.54.6. Description: The issue is related to incomplete capability checks for AJAX functions, specifically those involved in the creation, retrieval, and deletion of PHP template file...
MapPress Maps < 2.54.6 - Improper Capability Checks in AJAX Calls
Due to incomplete fixes for CVE-2020-12077, an attacker with subscriber privileges may be able to download, delete and upload arbitrary PHP files, which could result in remote command execution...