Mappresspro

Mappress

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2024-8620

Exploit
  • EPSS 0.06%
  • Veröffentlicht 15.05.2025 20:15:59
  • Zuletzt bearbeitet 04.06.2025 20:08:11

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disa...

4.8

CVE-2025-2162

Exploit
  • EPSS 0.17%
  • Veröffentlicht 18.04.2025 06:00:08
  • Zuletzt bearbeitet 28.05.2025 17:43:00

The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d...

6.8

CVE-2025-2055

Exploit
  • EPSS 0.34%
  • Veröffentlicht 03.04.2025 06:15:42
  • Zuletzt bearbeitet 29.04.2025 20:49:45

The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

5.4

CVE-2024-10715

  • EPSS 0.25%
  • Veröffentlicht 06.11.2024 11:15:03
  • Zuletzt bearbeitet 08.11.2024 20:25:37

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attr...

5.4

CVE-2023-7225

Exploit
  • EPSS 0.12%
  • Veröffentlicht 30.01.2024 08:15:40
  • Zuletzt bearbeitet 21.11.2024 08:45:33

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes...

5.4

CVE-2023-6524

Exploit
  • EPSS 0.12%
  • Veröffentlicht 03.01.2024 06:15:47
  • Zuletzt bearbeitet 21.11.2024 08:44:01

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possib...

9.8

CVE-2023-26015

  • EPSS 0.21%
  • Veröffentlicht 03.11.2023 13:15:08
  • Zuletzt bearbeitet 19.02.2025 22:15:14

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection.This issue affects MapPress Maps for WordPress:...

5.4

CVE-2023-4840

  • EPSS 0.14%
  • Veröffentlicht 12.09.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 08:36:04

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes...

7.2

CVE-2022-0537

Exploit
  • EPSS 0.88%
  • Veröffentlicht 04.04.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:38:52

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative...

6.1

CVE-2022-0208

Exploit
  • EPSS 4.31%
  • Veröffentlicht 14.02.2022 12:15:16
  • Zuletzt bearbeitet 21.11.2024 06:38:08

The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting