5.3
CVE-2024-0421
- EPSS 0.57%
- Veröffentlicht 12.02.2024 16:15:08
- Zuletzt bearbeitet 07.05.2025 21:16:00
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginMapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure
MapPress Maps for WordPress <= 2.88.15 - Insufficient Authorization to Information Disclosure
The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.
Mögliche Gegenmaßnahme
MapPress Maps for WordPress: Update to version 2.88.16, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mappresspro ≫ Mappress Maps For Wordpress SwPlatformwordpress Version < 2.88.16
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
MapPress Maps for WordPress
Version
*-2.88.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.57% | 0.425 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/
https://www.wordfence.com/threat-intel/vulnerabilities/id/8a7ced3b-4cb5-463a-aa32-3ccdc886e1a6