PT-2024-15543 · WordPress · Mappress Maps
Salvatore Bova · Published 2024-02-12 · Updated 2024-10-27
CVE-2024-0420
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
MapPress Maps for WordPress versions prior to 2.88.15
Description
The issue allows users with the Contributor role and above to perform Stored Cross-Site Scripting attacks, because the map title is not sanitized or escaped when it is output in the admin dashboard.
Recommendations
If you are running a version prior to 2.88.15, update to version 2.88.15 or later to resolve the issue. As a temporary workaround, consider restricting the ability of users with the Contributor role and above to input map titles until a patch is applied.
Exploit
Fix
XSS
Affected Products
Mappress Maps