CVE-2022-0537

Name of the Vulnerable Software and Affected Versions MapPress Maps for WordPress versions prior to 2.73.13

Description The issue allows a high privileged user to bypass certain security settings and upload arbitrary files to the site through the ajax save function. The file is written relative to the current stylesheet directory with a .php file extension added, and no validation is performed on the file's content. This can trigger a remote code execution (RCE) vulnerability by uploading a web shell. Additionally, the name parameter is not sanitized, allowing the payload to be uploaded to any directory the server has write access to.

Recommendations For versions prior to 2.73.13, update to version 2.73.13 or later to resolve the issue. As a temporary workaround, consider disabling the ajax save function until a patch is available. Restrict access to the stylesheet directory to minimize the risk of exploitation. Avoid using the name parameter in the affected API endpoint until the issue is resolved.