WordPress · MapPress Maps · CVE-2024-0420
**Name of the Vulnerable Software and Affected Versions**
MapPress Maps for WordPress versions prior to 2.88.15
**Description**
The issue allows users with the Contributor role or above to perform Stored Cross-Site Scripting attacks, because the map title is neither sanitized nor escaped when it is output in the admin dashboard.
**Recommendations**
For versions prior to 2.88.15, update to version 2.88.15 or later to resolve the issue. As a temporary workaround, consider restricting the ability of users with the Contributor role or above to input map titles until a patch is applied.
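The following is an added example, not code from this advisory or from the MapPress project: a review of stored map titles that reports any markup they contain and shows the HTML-escaped form that output encoding would render in the dashboard. The `(id, title)` export format, the sample rows and all function names are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: (map id, title) pairs, standing in for an export of stored maps.
SAMPLE_TITLES = [
    (1, "Office locations"),
    (2, "Cafés & bars <2024>"),                       # special characters, no markup
    (3, "<img src=x onerror=alert(1)>"),              # tag with an event handler
    (4, 'Stores <a href="javascript:alert(1)">info</a>'),
    (5, "Routes <b>north</b>"),                       # plain formatting tag
]


class _TagCollector(HTMLParser):
    """Records every start tag and the attributes that can run script."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"handler:{name}")
            elif (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"script-url:{name}")


def review_title(title):
    """Return (findings, escaped): markup found in the title and its HTML-escaped form."""
    parser = _TagCollector()
    parser.feed(title)
    parser.close()
    return parser.findings, html.escape(title, quote=True)


def audit(rows):
    """Map each id whose title contains markup to its list of findings."""
    report = {}
    for map_id, title in rows:
        findings, _ = review_title(title)
        if findings:
            report[map_id] = findings
    return report


if __name__ == "__main__":
    for map_id, findings in audit(SAMPLE_TITLES).items():
        print(map_id, findings)
```

A title such as row 2 contains `<` and `&` but no tag, so it is not flagged; it still needs escaping on output to display correctly.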