4 matches found
CVE-2024-9584
The Image Map Pro WordPress plugin (up to version 6.0.20) has a missing capability check on its AJAX functions, allowing authenticated attackers with contributor-level privileges or higher to add, update, or delete map projects. The issue is fixed in 6.0.21; upgrade to a version > 6.0.20 to re...
CVE-2024-9585
CVE-2024-9585 — Image Map Pro (WordPress) up to 6.0.20 is vulnerable to stored cross-site scripting via the save_project function due to insufficient input sanitization and output escaping on user-supplied attributes. An authenticated attacker with contributor-level or higher permissions can inject arbitrary scri...
CVE-2023-3412
CVE-2023-3412 affects the WordPress plugin Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite, vulnerable in versions up to and including 1.0.0. The root cause is a missing capability check on the ajax_store_save() function, enabling authenticated attackers with minimal privilege...
CVE-2023-3411
CVE-2023-3411 corresponds to the Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite WordPress plugin. The vulnerability is CSRF due to missing nonce validation on the ajax_store_save() path, enabling unauthenticated attackers to modify plugin settings and inject scripts if a site...