Lucene search
K

91 matches found

Nuclei
Nuclei
added 8 hours ago14 views

WordPress MapPress Maps <= 2.96.6 - Unauthenticated IDOR

MapPress Maps for WordPress = 2.96.6 contains an authorization bypass caused by missing ownership verification in REST API routes, letting unauthenticated attackers read any map data and authenticated contributors modify any map, exploit requires crafted API requests id: CVE-2026-8839 info: name:...

5.3CVSS6.1AI score0.00813EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-56011

Unauthenticated Cross Site Scripting XSS in MapPress Maps for WordPress = 2.97.3 versions...

7.1CVSS0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.31 views

CVE-2026-56011 WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in MapPress Maps for WordPress = 2.97.3 versions...

7.1CVSS0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39687

Unauthenticated Cross Site Scripting XSS in MapPress Maps for WordPress = 2.97.3 versions...

7.1CVSS5.8AI score0.00244EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.25 views

CVE-2026-56011

CVE-2026-56011 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin mapPress Maps for WordPress, affected versions are ≤ 2.97.3. The vulnerability is documented across multiple sources (NVD, CVE databases, and PatchStack) with consistent impact: XSS that c...

7.1CVSS5.8AI score0.00244EPSS
In wildExploits0References1
Patchstack
Patchstack
added 2026/06/19 8:45 a.m.9 views

WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by l3m3s in WordPress Plugin MapPress Maps for WordPress versions = 2.97.3...

7.1CVSS5.8AI score0.00244EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.18 views

CVE-2026-8839

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

5.3CVSS5.5AI score0.00813EPSS
Exploits0References1
NVD
NVD
added 2026/06/06 5:16 a.m.13 views

CVE-2026-8839

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

5.3CVSS0.00813EPSS
Exploits0References24
Vulnrichment
Vulnrichment
added 2026/06/06 3:28 a.m.9 views

CVE-2026-8839 MapPress Maps for WordPress <= 2.96.6 - Unauthenticated Insecure Direct Object Reference via REST API Endpoints

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

5.3CVSS5.5AI score0.00813EPSS
Exploits0References24
EUVD
EUVD
added 2026/06/06 3:28 a.m.13 views

EUVD-2026-34957

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

5.3CVSS5.5AI score0.00813EPSS
Exploits0References24
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.12 views

WordPress plugin MapPress Maps for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.4AI score0.00813EPSS
Exploits0References25
Patchstack
Patchstack
added 2026/06/05 2:37 p.m.13 views

WordPress MapPress Maps for WordPress plugin <= 2.96.6 - Unauthenticated Insecure Direct Object Reference vulnerability

Unauthenticated Insecure Direct Object Reference vulnerability discovered by Kitch - KitchGlobal in WordPress Plugin MapPress Maps for WordPress versions = 2.96.6...

5.3CVSS5.4AI score0.00813EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-29902

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.00734EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-9576

Malicious code in bioql PyPI...

6.8CVSS7.3AI score0.00436EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-58755

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00547EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:33 a.m.9 views

CVE-2024-0420

The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks...

6.1CVSS6AI score0.00462EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:23 a.m.11 views

CVE-2024-10715

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.7AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:57 a.m.8 views

CVE-2023-4840

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00467EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:38 a.m.6 views

CVE-2023-26015

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection.This issue affects MapPress Maps for WordPress: from n/a through 2.85.4...

9.8CVSS8.9AI score0.00734EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:23 a.m.11 views

CVE-2023-7225

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00491EPSS
Exploits2References1
Rows per page
Query Builder