The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks
History

Sun, 27 Oct 2024 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Mappresspro mappress Maps
CPEs cpe:2.3:a:mappresspro:mappress_maps:-:*:*:*:*:wordpress:*:*
Vendors & Products Mappresspro mappress Maps
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Fri, 04 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Mappresspro
Mappresspro mappress Maps For Wordpress
Weaknesses CWE-79
CPEs cpe:2.3:a:mappresspro:mappress_maps_for_wordpress:*:*:*:*:*:wordpress:*:*
Vendors & Products Mappresspro
Mappresspro mappress Maps For Wordpress
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-02-12T16:05:58.767Z

Updated: 2024-10-27T22:09:18.545Z

Reserved: 2024-01-11T11:30:33.280Z

Link: CVE-2024-0420

cve-icon Vulnrichment

Updated: 2024-08-01T18:04:49.657Z

cve-icon NVD

Status : Modified

Published: 2024-02-12T16:15:08.557

Modified: 2024-11-21T08:46:32.963

Link: CVE-2024-0420

cve-icon Redhat

No data.