PT-2024-39510 · WordPress · Mapster Wp Maps

Sean Murphy · Published 2024-10-25 · Updated 2024-11-05

CVE-2024-9235

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Mapster WP Maps plugin for WordPress, versions up to and including 1.5.0.

Description: The issue allows unauthorized modification of data, potentially leading to privilege escalation, due to an insufficient capability check on the mapster_wp_maps_set_option_from_js() function. Authenticated attackers with contributor-level access or higher can update arbitrary options on the WordPress site, which can be used to gain administrative user access.

Recommendations: For Mapster WP Maps plugin for WordPress versions up to and including 1.5.0, update to a version higher than 1.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the mapster_wp_maps_set_option_from_js() function until a patch is available.
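As an added illustration of the weakness class described above (hypothetical code, not the plugin's own), a WordPress AJAX handler that writes options on behalf of JavaScript: the unguarded form that lets any logged-in user set any option, beside a hardened form that checks capability and nonce and restricts writes to the plugin's own option keys. All function, action and option names are assumptions.

```php
<?php
// Added illustration, not the plugin's code: hypothetical handlers for an
// admin-ajax.php action that stores an option sent from the browser.

// UNGUARDED pattern: the handler trusts the request. Any authenticated user
// who can reach admin-ajax.php (contributors included) can set any option,
// because neither capabilities nor a nonce are checked and the option name
// comes straight from the client.
function example_set_option_from_js_unguarded() {
    $key   = sanitize_text_field( wp_unslash( $_POST['option_name'] ) );
    $value = sanitize_text_field( wp_unslash( $_POST['option_value'] ) );
    update_option( $key, $value ); // arbitrary core or plugin option
    wp_send_json_success();
}

// HARDENED pattern: authorize first, then validate the request, then restrict
// what may be written. Each check is independent; the allowlist limits damage
// even if an authorization bug is introduced later.
function example_set_option_from_js_hardened() {
    // 1. Capability check: changing site options requires manage_options,
    //    which contributors, authors and editors do not have by default.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // exits
    }
    // 2. Nonce check: rejects requests not issued from the plugin's own UI
    //    (dies with -1 on failure).
    check_ajax_referer( 'example_set_option', 'nonce' );

    // 3. Allowlist: the client may only name the plugin's own options.
    $allowed = array( 'example_map_style', 'example_map_zoom' );
    $key     = isset( $_POST['option_name'] ) ? sanitize_key( $_POST['option_name'] ) : '';
    if ( ! in_array( $key, $allowed, true ) ) {
        wp_send_json_error( 'unknown option', 400 ); // exits
    }
    $value = isset( $_POST['option_value'] )
        ? sanitize_text_field( wp_unslash( $_POST['option_value'] ) )
        : '';
    update_option( $key, $value );
    wp_send_json_success( array( 'option' => $key ) );
}

// Only the hardened handler is registered; the unguarded one is shown for contrast.
add_action( 'wp_ajax_example_set_option', 'example_set_option_from_js_hardened' );
```

When reviewing a plugin for this class of bug, every wp_ajax_* callback that reaches update_option() should show a current_user_can() check and a nonce check before the write, and should not accept the option name from the request.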

Weakness Enumeration: Improper Authorization

Related Identifiers: CVE-2024-9235

Affected Products: Mapster Wp Maps