cvebase

Chrisvrichardson Mappress Maps For Wordpress vulnerabilities

6 known vulnerabilities affecting chrisvrichardson/mappress_maps_for_wordpress.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 1, MEDIUM 5

Vulnerabilities

CVE-2026-56011 | P2 | HIGH | CVSS 7.1 | Exploited | ≥ n/a, ≤ 2.97.3 | 2026-06-26
CWE-79: Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
Source: nvd

CVE-2026-8839 | P3 | MEDIUM | CVSS 5.3 | PoC | ≤ 2.96.6 | 2026-06-06
CWE-639: The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via `Mappress_Api::rest_api_init()`, where the GET `/wp-json/mapp/v1/maps/{mapid}` endpoint uses `'permissio
Source: nvd

CVE-2023-6524 | P4 | MEDIUM | CVSS 5.4 | ≤ 2.88.13 | 2024-01-03
CWE-79: The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in page
Source: nvd

CVE-2023-7225 | P4 | MEDIUM | CVSS 5.4 | ≤ 2.88.16 | 2024-01-30
CWE-79: The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scr
Source: nvd

CVE-2023-4840 | P4 | MEDIUM | CVSS 5.4 | ≤ 2.88.4 | 2023-09-12
CWE-79: The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inj
Source: nvd

CVE-2024-10715 | P4 | MEDIUM | CVSS 5.4 | ≤ 2.94.1 | 2024-11-06
CWE-79: The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, t
Source: nvd