170 matches found

Patchstack
added 2024/11/05 10:22 p.m. · 2 views

WordPress MapPress Maps for WordPress plugin <= 2.94.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Block vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Map Block vulnerability discovered by Akbar Kustirama in WordPress Plugin MapPress Maps for WordPress versions <= 2.94.1...

CVSS 6.4 · AI score 5.8 · EPSS 0.00256
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/11/05 12:0 a.m. · 23 views

WordPress MapPress Maps for WordPress Plugin <= 2.94.1 is vulnerable to Cross Site Scripting (XSS)

Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: <= 2.94.1; Fixed in: 2.94.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10715; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: e896b2089ac1; Credits: Akbar...

CVSS 6.4 · AI score 5.8 · EPSS 0.00256
Exploits 0 · References 3 · Affected Software 1
Patchstack
added 2024/02/13 12:0 a.m. · 15 views

WordPress MapPress Maps for WordPress Plugin < 2.88.16 is vulnerable to Sensitive Data Exposure

Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: < 2.88.16; Fixed in: 2.88.16; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-0421; Patch priority: Low; CVSS severity: Low (5.3); Developer: Claim ownership; PSID: 800421954891; Credits: Erwan LR...

CVSS 5.3 · AI score 6.6 · EPSS 0.00568
Exploits 2 · References 3 · Affected Software 1
Patchstack
added 2024/02/13 12:0 a.m. · 26 views

WordPress MapPress Maps for WordPress Plugin < 2.88.15 is vulnerable to Cross Site Scripting (XSS)

Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: < 2.88.15; Fixed in: 2.88.15; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0420; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 127ee0002ebf; Credits: Salvatore...

CVSS 6.1 · AI score 5.8 · EPSS 0.00462
Exploits 2 · References 3 · Affected Software 1
OSV
added 2024/02/12 4:15 p.m. · 1 views

CVE-2024-0420

The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 · AI score 5.8 · EPSS 0.00462
Exploits 2 · References 1
OSV
added 2024/02/12 4:15 p.m. · 2 views

CVE-2024-0421

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts...

CVSS 5.3 · AI score 5.9
Exploits 0 · References 1
NVD
added 2024/02/12 4:15 p.m. · 11 views

CVE-2024-0420

The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks...

CVSS 6.1 · AI score 5.7 · EPSS 0.00462
Exploits 2 · References 1
NVD
added 2024/02/12 4:15 p.m. · 16 views

CVE-2024-0421

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts...

CVSS 5.3 · AI score 6.6 · EPSS 0.00568
Exploits 2 · References 1
Prion
added 2024/02/12 4:15 p.m. · 21 views

Cross site scripting

The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks...

AI score 6.3 · EPSS 0.00462
Exploits 2 · References 1
Prion
added 2024/02/12 4:15 p.m. · 17 views

Code injection

The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts...

AI score 7.3 · EPSS 0.00568
Exploits 2 · References 1
Vulnrichment
added 2024/02/12 4:5 p.m. · 21 views

CVE-2024-0420 MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS

The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks...

AI score 5.9 · EPSS 0.00462
Exploits 2 · References 1
Cvelist
added 2024/02/12 4:5 p.m. · 25 views

CVE-2024-0420 MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS

The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks...

AI score 5.9 · EPSS 0.00462
Exploits 2 · References 1
CVE
added 2024/02/12 4:5 p.m. · 5090 views

CVE-2024-0420

MapPress Maps for WordPress Plugin prior to 2.88.15 is affected by a Stored XSS vulnerability: the map title is not sanitized/escaped when output in the admin dashboard, allowing Contributors and higher roles to inject exploits. Impact details reported across multiple sources (including Red Hat, ...

CVSS 6.1 · AI score 5.9 · EPSS 0.00462
Exploits 2 · References 1 · Affected Software 1
Vulnrichment
added 2024/02/12 4:5 p.m. · 13 views

CVE-2024-0421 MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts...

AI score 5.4 · EPSS 0.00568
Exploits 2 · References 1
CVE
added 2024/02/12 4:5 p.m. · 5499 views

CVE-2024-0421

The CVE-2024-0421 entry concerns the WordPress MapPress Maps plugin prior to 2.88.16, where an IDOR allows unauthenticated users to read private and draft posts via an AJAX action that should only expose public maps. Multiple connected sources confirm the flaw and its public-facing impact, includ...

CVSS 5.3 · AI score 6.5 · EPSS 0.00568
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2024/02/12 4:5 p.m. · 28 views

CVE-2024-0421 MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts...

AI score 6.8 · EPSS 0.00568
Exploits 2 · References 1
Positive Technologies
added 2024/02/12 12:0 a.m. · 6 views

PT-2024-15543 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions prior to 2.88.15 Description: The issue allows Contributors and above roles to perform Stored Cross-Site Scripting attacks due to the lack of sanitization and escaping of the map title when it is outputted...

CVSS 6.1 · AI score 6.4 · EPSS 0.00462
Exploits 2 · References 7
CNNVD
added 2024/02/12 12:0 a.m. · 5 views

WordPress Plugin MapPress Maps Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability previously existed...

CVSS 6.1 · AI score 6.7 · EPSS 0.00462
Exploits 2 · References 2
CNNVD
added 2024/02/12 12:0 a.m. · 8 views

WordPress Plugin MapPress Maps Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability previously existed...

CVSS 5.3 · AI score 6.7 · EPSS 0.00568
Exploits 2 · References 2
Positive Technologies
added 2024/02/12 12:0 a.m. · 9 views

PT-2024-15544 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions prior to 2.88.16 Description: The issue affects the MapPress Maps for WordPress plugin, allowing unauthenticated users to read arbitrary private and draft posts due to an Insecure Direct Object Reference...

CVSS 5.3 · AI score 7.4 · EPSS 0.00568
Exploits 2 · References 7