CVE-2025-2055
Severity
6.8MEDIUM
EPSS
0.3%
top 43.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 3
Description
The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9