WordPress MapPress Plugin < 2.53.9 Multiple Vulnerabilities

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVE-2020-12077

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces or capability checks, leading to remote code execution...

Remote code execution

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces or capability checks, leading to remote code execution...

CVE-2020-12077

The WordPress plugin MapPress Maps for WordPress (mappress-google-maps-for-wordpress) is affected by CVE-2020-12077: versions before 2.53.9 implement AJAX actions without nonce or proper capability checks, enabling Remote Code Execution via admin-ajax.php. Red Hat and NVD entries corroborate the ...

CVE-2020-12077

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces or capability checks, leading to remote code execution...

MapPress Maps < 2.53.9 - Authenticated Map Creation/Deletion Leading to Stored Cross-Site Scripting (XSS)

Both the Free and Pro versions of this plugin register AJAX actions that call functions which lack capability checks and nonce checks. It is possible for a logged-in attacker with minimal permissions, such as a subscriber, to add a map containing malicious JavaScript to an arbitrary post or page ...

MapPress Maps Pro < 2.53.9 - Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions

The pro version of this plugin registers several AJAX actions that call functions which lack capability checks and nonce checks, specifically the ‘ajaxget’, ‘ajaxsave’, and ‘ajaxdelete’ functions in mappresstemplate.php. As such, it is possible for a logged-in attacker with minimal permissions,...

MapPress Maps Pro < 2.53.9 - Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions

The pro version of this plugin registers several AJAX actions that call functions which lack capability checks and nonce checks, specifically the ‘ajaxget’, ‘ajaxsave’, and ‘ajaxdelete’ functions in mappresstemplate.php. As such, it is possible for a logged-in attacker with minimal permissions,...

WordPress mappress-google-maps-for-wordpress code issue vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. mappress-google-maps-for-wordpress is an interactive maps plugin used in it. A code issue vulnerability exists in WordPress...

PT-2020-13029 · WordPress · Mappress-Google-Maps-For-Wordpress

Name of the Vulnerable Software and Affected Versions: mappress-google-maps-for-wordpress plugin versions prior to 2.53.9 Description: The issue arises from the incorrect implementation of AJAX functions with nonces or capability checks in the mappress-google-maps-for-wordpress plugin, leading to...