MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings

Description The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing with contributor access and above to perform Stored XSS attacks - Go to Plugin’s page /wp-admin/admin.php?page=mappressmaps - Add New Map and search any location you want. - Add XSS...

MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings

Description The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing with contributor access and above to perform Stored XSS attacks PoC - Go to Plugin’s page /wp-admin/admin.php?page=mappressmaps - Add New Map and search any location you want. - Add...

CVE-2023-7225

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2023-7225

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2023-7225

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Cross site scripting

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2023-7225 MapPress <= 2.88.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Settings

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2023-7225

CVE-2023-7225 – MapPress Maps for WordPress : Stored XSS in width/height parameters affects all versions up to 2.88.16 due to insufficient input sanitization and output escaping. Exploitation requires authentication with at least contributor privileges, enabling attackers to inject script that ru...

CVE-2023-7225 MapPress <= 2.88.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Settings

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress Plugin MapPress Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress MapPress Maps for WordPress Plugin <= 2.88.16 is vulnerable to Cross Site Scripting (XSS)

Software MapPress Maps for WordPress Type Plugin Vulnerable versions = 2.88.16 Fixed in 2.88.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7225 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fbcdd95991b2 Credits Akbar...

PT-2024-15236 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions up to, and including, 2.88.16 Description: The issue is related to Stored Cross-Site Scripting via the width and height parameters due to insufficient input sanitization and output escaping. This allows...

MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks As a contributor, create/edit a map with the below payload as title and attach it to a post can be...

MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure

Description The plugin does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. The fix made in 2.88.15 is not sufficient as it still allowed any authenticated users, such s subscriber to read arbitrary...

MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure

Description The plugin does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. The fix made in 2.88.15 is not sufficient as it still allowed any authenticated users, such s subscriber to read arbitrary...

MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks PoC As a contributor, create/edit a map with the below payload as title and attach it to a post ca...

CVE-2023-6524

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

CVE-2023-6524

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

Cross site scripting

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

CVE-2023-6524 MapPress Maps for WordPress <= 2.88.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...