CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

170 matches found

NVD•added 2025/04/18 6:15 a.m.•25 views

CVE-2025-2162

The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00318EPSS

Exploits1References1

CVE•added 2025/04/18 6:0 a.m.•67 views

CVE-2025-2162

CVE-2025-2162 : MapPress Maps for WordPress plugin, versions before 2.94.10, contains insufficient sanitization/escaping of settings. This enables Stored XSS by high-privilege users (e.g., admin) even when unfiltered_html is disabled (such as in multisite). Root cause: lack of proper input saniti...

4.8CVSS4.8AI score0.00318EPSS

Exploits1References1Affected Software1

Cvelist•added 2025/04/18 6:0 a.m.•37 views

CVE-2025-2162 MapPress Maps for WordPress < 2.94.10 - Admin+ Stored XSS

0.00318EPSS

Exploits1References1

CNNVD•added 2025/04/18 12:0 a.m.•3 views

WordPress plugin MapPress Maps 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.8CVSS6AI score0.00318EPSS

Exploits1References1

Positive Technologies•added 2025/04/18 12:0 a.m.•3 views

PT-2025-17259 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions prior to 2.94.10 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, f...

4.8CVSS5.3AI score0.00318EPSS

Exploits1References5

RedhatCVE•added 2025/04/05 6:41 a.m.•17 views

CVE-2025-2055

The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

6.8CVSS6.2AI score0.00372EPSS

Exploits1References1

Patchstack•added 2025/04/03 6:30 a.m.•6 views

WordPress MapPress Maps for WordPress plugin < 2.94.9 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin MapPress Maps for WordPress versions 2.94.9...

6.8CVSS7.9AI score0.00372EPSS

Exploits1References1Affected Software1

NVD•added 2025/04/03 6:15 a.m.•12 views

CVE-2025-2055

6.8CVSS0.00372EPSS

Exploits1References1

OSV•added 2025/04/03 6:15 a.m.•2 views

CVE-2025-2055

6.8CVSS7.3AI score0.00372EPSS

Exploits1References1

Vulnrichment•added 2025/04/03 6:0 a.m.•7 views

CVE-2025-2055 MapPress Maps for WordPress < 2.94.9 - Contributor+ Stored XSS

6.3AI score0.00372EPSS

Exploits1References1

Cvelist•added 2025/04/03 6:0 a.m.•14 views

CVE-2025-2055 MapPress Maps for WordPress < 2.94.9 - Contributor+ Stored XSS

0.00372EPSS

Exploits1References1

Positive Technologies•added 2025/04/03 12:0 a.m.•3 views

PT-2025-14581 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions prior to 2.94.9 Description: The issue concerns the MapPress Maps plugin for WordPress, where certain parameters are not properly sanitized and escaped when displayed on the page. This could allow users wi...

6.8CVSS6.7AI score0.00372EPSS

Exploits1References9

CNNVD•added 2025/04/03 12:0 a.m.•3 views

WordPress plugin MapPress Maps 安全漏洞

6.8CVSS6.8AI score0.00372EPSS

Exploits1References1

OSV•added 2024/11/06 11:15 a.m.•2 views

CVE-2024-10715

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

5.4CVSS5.9AI score

Exploits0References2

NVD•added 2024/11/06 11:15 a.m.•17 views

CVE-2024-10715

6.4CVSS0.00256EPSS

Exploits0References2

CVE•added 2024/11/06 11:0 a.m.•54 views

CVE-2024-10715

CVE-2024-10715 is a stored XSS vulnerability in the MapPress Maps for WordPress plugin for WordPress, affecting all versions up to 2.94.1. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Map block, enabling an authenticated attacker wit...

6.4CVSS5.4AI score0.00256EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/11/06 11:0 a.m.•22 views

CVE-2024-10715 MapPress Maps for WordPress <= 2.94.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Block

6.4CVSS0.00256EPSS

Exploits0References2

Vulnrichment•added 2024/11/06 11:0 a.m.•33 views

CVE-2024-10715 MapPress Maps for WordPress <= 2.94.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Block

6.4CVSS5.7AI score0.00256EPSS

Exploits0References2

CNNVD•added 2024/11/06 12:0 a.m.•3 views

WordPress plugin MapPress Maps for WordPress 跨站脚本漏洞

6.4CVSS7.7AI score0.00256EPSS

Exploits0References3

Positive Technologies•added 2024/11/06 12:0 a.m.•3 views

PT-2024-16485 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions up to, and including, 2.94.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Map block due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS6AI score0.00256EPSS

Exploits0References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by