Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-0208

Severity
6.1 MEDIUM
EPSS
4.3%
top 11.11%
CISA KEV
Not in KEV
Exploit
PoC available
Timeline
Published: Feb 14
Latest update: Feb 15

Description

The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to Reflected Cross-Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages: 2 packages

CVEListV5 | unknown/mappress_maps_for_wordpress | 2.73.4 | 2.73.4
NVD | mappresspro/mappress | < 2.73.4

🔴 Vulnerability Details

2
GHSA
GHSA-3c8f-rp5x-hvrg: The MapPress Maps for WordPress plugin before 2 (2022-02-15)
CVEList
MapPress Maps for WordPress < 2.73.4 - Reflected Cross-Site Scripting (2022-02-14)

💥 Exploits & PoCs

1
Nuclei
WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting
CVE-2022-0208 (MEDIUM CVSS 6.1) | The MapPress Maps for WordPress plu | cvebase.io