CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6524 – MapPress Maps for WordPress <= 2.88.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-6524
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. MapPress Maps for WordPress plugin for WordPress es vulnerable a cross site scripting almacenado a través del parámetro map title en todas las versiones hasta la 2.88.13 inclusive debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados con acceso de colaborador o superior inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://advisory.abay.sh/cve-2023-6524 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3015598%40mappress-google-maps-for-wordpress%2Ftrunk&old=3001436%40mappress-google-maps-for-wordpress%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/28a8f025-c2ab-4a5f-a99e-a2d19b14a190?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0537 – MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-0537
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write access. El plugin MapPress Maps para WordPress versiones anteriores a 2.73.13, permite a un usuario con altos privilegios omitir las configuraciones DISALLOW_FILE_EDIT y DISALLOW_FILE_MODS y subir archivos arbitrarios al sitio mediante la función "ajax_save". • https://wpscan.com/vulnerability/abfbba70-5158-4990-98e5-f302361db367 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0208 – MapPress Maps for WordPress < 2.73.4 - Reflected Cross-Site scripting
https://notcve.org/view.php?id=CVE-2022-0208
The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting El plugin MapPress Maps para WordPress versiones anteriores a 2.73.4, no sanea y escapa del parámetro mapid antes de devolverlo en el mensaje de error "Bad mapid", conllevando a un problema de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/59a2abd0-4aee-47aa-ad3a-865f624fa0fc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12675 – MapPress Maps <= 2.54.5 - Remote Code Execution via Improper Capability Checks in AJAX Calls
https://notcve.org/view.php?id=CVE-2020-12675
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077. El plugin mappress-google-maps-for-wordpress versiones anteriores a 2.54.6 para WordPress, no implementa correctamente las comprobaciones de capacidad para las funcionalidades AJAX relacionadas con la creación/recuperación/eliminación de archivos de plantillas PHP, conllevando a una Ejecución de Código Remota. NOTA: este problema se presenta debido a una corrección incompleta para CVE-2020-12077. • https://blog.alertlogic.com/alert-logic-threat-research-team-identifies-new-vulnerability-cve-2020-12675-in-mappress-plugin-for-wordpress https://wordpress.org/plugins/mappress-google-maps-for-wordpress/#developers • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-12077 – MapPress Maps for WordPress <=2.53.8 - Authenticated Map Creation/Deletion to Stored Cross-Site Scripting & Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-12077
The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution. El plugin mappress-google-maps-for-wordpress en versiones anteriores a la 2.53.9 para Wordpress no implementa correctamente las funciones AJAX con nonces (o controles de capacidad), lo que conduce a la ejecución de código remoto. • https://github.com/RandomRobbieBF/CVE-2020-12077 https://wordpress.org/plugins/mappress-google-maps-for-wordpress/#developers https://www.wordfence.com/blog/2020/04/critical-vulnerabilities-patched-in-mappress-maps-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •