4 matches found
MapifyLite < 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise the Image URL either in the settings or in a location, allowing editor+ users to use a malicious payload, leading to Stored Cross-Site Scripting issues. Notes WPScanTeam: - The vendor has been notified on March 24th, 2021 - The pro version is very likely to be...
WordPress MapifyLite 3.3 Cross Site Scripting
Title : MapifyLite Wordpress Plugins Stored XSS Injection Date : 24/03/2021 Author : Eagle Eye Vendor Homepage : https://mapifypro.com/product/mapifylite/ Version Affected : 3.3 and below Tested on : Google Chrome XSS vulnerability from Map settings & locations 1. Login user 2. Go to add map...
MapifyLite < 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise the Image URL either in the settings or in a location, allowing editor+ users to use a malicious payload, leading to Stored Cross-Site Scripting issues. Notes WPScanTeam: - The vendor has been notified on March 24th, 2021 - The pro version is very likely to be...
WordPress MapifyLite 3.3 Cross Site Scripting Vulnerability
Title : MapifyLite Wordpress Plugins Stored XSS Injection Author : Eagle Eye Vendor Homepage : https://mapifypro.com/product/mapifylite/ Version Affected : 3.3 and below Tested on : Google Chrome XSS vulnerability from Map settings & locations 1. Login user 2. Go to add map settins/locations 3. P...