← back
CVE-2024-0420

MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS

CVSS 6.1 MEDIUMEPSS 0.5%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Feb 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
Unknown · MapPress Maps for WordPress

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/b6187ef8-70f4-4911-abd7-42bf6b7e54b7/