CVE-2024-0421

MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure

CVSS 5.3 MEDIUMEPSS 0.6%

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

12 Feb 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Unknown · MapPress Maps for WordPress

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/