All the vulnerabilites related to Unknown - MapPress Maps for WordPress
cve-2022-0208
Vulnerability from cvelistv5
Published
2022-02-14 09:21
Modified
2024-08-02 23:18
Severity ?
EPSS score ?
Summary
The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/59a2abd0-4aee-47aa-ad3a-865f624fa0fc | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Unknown | MapPress Maps for WordPress |
Version: 2.73.4 < 2.73.4 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/59a2abd0-4aee-47aa-ad3a-865f624fa0fc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MapPress Maps for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.73.4",
"status": "affected",
"version": "2.73.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the \"Bad mapid\" error message, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-14T09:21:07",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/59a2abd0-4aee-47aa-ad3a-865f624fa0fc"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MapPress Maps for WordPress \u003c 2.73.4 - Reflected Cross-Site scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0208",
"STATE": "PUBLIC",
"TITLE": "MapPress Maps for WordPress \u003c 2.73.4 - Reflected Cross-Site scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MapPress Maps for WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.73.4",
"version_value": "2.73.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the \"Bad mapid\" error message, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/59a2abd0-4aee-47aa-ad3a-865f624fa0fc",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/59a2abd0-4aee-47aa-ad3a-865f624fa0fc"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0208",
"datePublished": "2022-02-14T09:21:07",
"dateReserved": "2022-01-12T00:00:00",
"dateUpdated": "2024-08-02T23:18:42.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0421
Vulnerability from cvelistv5
Published
2024-02-12 16:05
Modified
2024-08-30 12:53
Severity ?
EPSS score ?
Summary
The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Unknown | MapPress Maps for WordPress |
Version: 0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "MapPress Maps for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.88.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T12:53:51.264Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MapPress Maps for WordPress \u003c 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-0421",
"datePublished": "2024-02-12T16:05:57.729Z",
"dateReserved": "2024-01-11T11:58:50.352Z",
"dateUpdated": "2024-08-30T12:53:51.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0420
Vulnerability from cvelistv5
Published
2024-02-12 16:05
Modified
2024-10-27 22:09
Severity ?
EPSS score ?
Summary
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/b6187ef8-70f4-4911-abd7-42bf6b7e54b7/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Unknown | MapPress Maps for WordPress |
Version: 0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mappresspro:mappress_maps:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "mappress_maps",
"vendor": "mappresspro",
"versions": [
{
"lessThan": "2.88.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0420",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-27T22:08:20.926267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T22:09:18.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b6187ef8-70f4-4911-abd7-42bf6b7e54b7/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "MapPress Maps for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.88.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Salvatore Bova"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T16:07:32.748Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/b6187ef8-70f4-4911-abd7-42bf6b7e54b7/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MapPress Maps for WordPress \u003c 2.88.15 - Contributor+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-0420",
"datePublished": "2024-02-12T16:05:58.767Z",
"dateReserved": "2024-01-11T11:30:33.280Z",
"dateUpdated": "2024-10-27T22:09:18.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0537
Vulnerability from cvelistv5
Published
2022-04-04 15:35
Modified
2024-08-02 23:32
Severity ?
EPSS score ?
Summary
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/abfbba70-5158-4990-98e5-f302361db367 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Unknown | MapPress Maps for WordPress |
Version: 2.73.13 < 2.73.13 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/abfbba70-5158-4990-98e5-f302361db367"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MapPress Maps for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.73.13",
"status": "affected",
"version": "2.73.13",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "qerogram"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the \"ajax_save\" function. The file is written relative to the current \u0027s stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T15:35:46",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/abfbba70-5158-4990-98e5-f302361db367"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MapPress Maps for WordPress \u003c 2.73.13 - Admin+ File Upload to Remote Code Execution",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0537",
"STATE": "PUBLIC",
"TITLE": "MapPress Maps for WordPress \u003c 2.73.13 - Admin+ File Upload to Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MapPress Maps for WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.73.13",
"version_value": "2.73.13"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "qerogram"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the \"ajax_save\" function. The file is written relative to the current \u0027s stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write access."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/abfbba70-5158-4990-98e5-f302361db367",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/abfbba70-5158-4990-98e5-f302361db367"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0537",
"datePublished": "2022-04-04T15:35:46",
"dateReserved": "2022-02-08T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}