CVE-2022-0208

Name of the Vulnerable Software and Affected Versions MapPress Maps for WordPress versions prior to 2.73.4

Description The issue arises from the failure to sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting attack. This vulnerability can be exploited by a remote attacker to conduct an inter-site scripting attack.

Recommendations For versions prior to 2.73.4, update to version 2.73.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the mapid parameter in the affected API endpoint until a patch is available.