CVE-2024-0421

Name of the Vulnerable Software and Affected Versions MapPress Maps for WordPress versions prior to 2.88.16

Description The issue affects the MapPress Maps for WordPress plugin, allowing unauthenticated users to read arbitrary private and draft posts due to an Insecure Direct Object Reference (IDOR) vulnerability. This occurs because the plugin does not ensure that posts retrieved via an AJAX action are public maps.

Recommendations For versions prior to 2.88.16, update to version 2.88.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action that retrieves posts to prevent unauthenticated users from reading private and draft posts.