CVE-2024-0421Authorization Bypass Through User-Controlled Key in Mappress Maps FOR Wordpress

CWE-639Authorization Bypass Through User-Controlled Key3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 39.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mappresspro Mappress Maps FOR Wordpress
Timeline
PublishedFeb 12

Description

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure2024-02-12
GHSA
GHSA-63m9-q6cc-99p4: The MapPress Maps for WordPress plugin before 22024-02-12
CVE-2024-0421 — MEDIUM severity | cvebase