The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.
History

Fri, 04 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Mappresspro
Mappresspro mappress Maps For Wordpress
Weaknesses CWE-639
CPEs cpe:2.3:a:mappresspro:mappress_maps_for_wordpress:*:*:*:*:*:wordpress:*:*
Vendors & Products Mappresspro
Mappresspro mappress Maps For Wordpress
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Fri, 30 Aug 2024 13:00:00 +0000

Type Values Removed Values Added
Description The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-02-12T16:05:57.729Z

Updated: 2024-08-30T12:53:51.264Z

Reserved: 2024-01-11T11:58:50.352Z

Link: CVE-2024-0421

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-02-12T16:15:08.620

Modified: 2024-11-21T08:46:33.170

Link: CVE-2024-0421

cve-icon Redhat

No data.