CVE-2024-0420

EUVD-2024-16215
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
mappresspromappress_maps_for_wordpress
𝑥
< 2.88.15
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
mappresspromappress_maps
𝑥
< 2.88.15
ADP
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/b6187ef8-70f4-4911-abd7-42bf6b7e54b7/
https://wpscan.com/vulnerability/b6187ef8-70f4-4911-abd7-42bf6b7e54b7/