The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.
Metrics
Affected Vendors & Products
References
History
Fri, 04 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mappresspro
Mappresspro mappress Maps For Wordpress |
|
Weaknesses | CWE-639 | |
CPEs | cpe:2.3:a:mappresspro:mappress_maps_for_wordpress:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Mappresspro
Mappresspro mappress Maps For Wordpress |
|
Metrics |
cvssV3_1
|
Fri, 30 Aug 2024 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. | The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. |
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-02-12T16:05:57.729Z
Updated: 2024-08-30T12:53:51.264Z
Reserved: 2024-01-11T11:58:50.352Z
Link: CVE-2024-0421
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-02-12T16:15:08.620
Modified: 2024-11-21T08:46:33.170
Link: CVE-2024-0421
Redhat
No data.