Unknown Mappress Maps For Wordpress vulnerabilities
7 known vulnerabilities affecting unknown/mappress_maps_for_wordpress.
Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM6
Vulnerabilities
Page 1 of 1
CVE-2024-8620MEDIUMCVSS 4.8fixed in 2.932025-05-15
CVE-2024-8620 [MEDIUM] CWE-79 CVE-2024-8620: The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings
The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
cvelistv5nvd
CVE-2025-2162MEDIUMCVSS 4.8≥ 2.94.9, < 2.94.102025-04-18
CVE-2025-2162 [MEDIUM] CWE-79 CVE-2025-2162: The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its setti
The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
cvelistv5nvd
CVE-2025-2055MEDIUMCVSS 6.8fixed in 2.94.92025-04-03
CVE-2025-2055 [MEDIUM] CWE-79 CVE-2025-2055: The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters wh
The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
cvelistv5nvd
CVE-2024-0420MEDIUMCVSS 5.4fixed in 2.88.152024-02-12
CVE-2024-0420 [MEDIUM] CWE-79 CVE-2024-0420: The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title whe
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks
cvelistv5nvd
CVE-2024-0421MEDIUMCVSS 5.3fixed in 2.88.162024-02-12
CVE-2024-0421 [MEDIUM] CWE-639 CVE-2024-0421: The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure t
The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.
cvelistv5nvd
CVE-2022-0537HIGHCVSS 7.2≥ 2.73.13, < 2.73.132022-04-04
CVE-2022-0537 [HIGH] CWE-434 CVE-2022-0537: The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DI
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet directory, and a .php file extension is added. No validation is performed o
cvelistv5nvd
CVE-2022-0208MEDIUMCVSS 6.1PoC≥ 2.73.4, < 2.73.42022-02-14
CVE-2022-0208 [MEDIUM] CWE-79 CVE-2022-0208: The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid paramete
The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting
cvelistv5nvd