Chrisvrichardson Mappress Maps For Wordpress vulnerabilities

4 known vulnerabilities affecting chrisvrichardson/mappress_maps_for_wordpress.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2024-10715MEDIUMCVSS 5.4≤ 2.94.12024-11-06
CVE-2024-10715 [MEDIUM] CWE-79 CVE-2024-10715: The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, t
cvelistv5nvd
CVE-2023-7225MEDIUMCVSS 5.4≤ 2.88.162024-01-30
CVE-2023-7225 [MEDIUM] CWE-79 CVE-2023-7225: The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scr
cvelistv5nvd
CVE-2023-6524MEDIUMCVSS 5.4≤ 2.88.132024-01-03
CVE-2023-6524 [MEDIUM] CWE-79 CVE-2023-6524: The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in page
cvelistv5nvd
CVE-2023-4840MEDIUMCVSS 5.4≤ 2.88.42023-09-12
CVE-2023-4840 [MEDIUM] CWE-79 CVE-2023-4840: The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inj
cvelistv5nvd