Vulnerabilities > CVE-2023-3412 - Unspecified vulnerability in Imagemappro Image MAP PRO 1.0.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajax_store_save() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify plugin settings and inject malicious web scripts.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- https://plugins.trac.wordpress.org/browser/image-map-pro-lite/trunk/image-map-pro-wordpress-lite.php#L410
- https://plugins.trac.wordpress.org/browser/image-map-pro-lite/trunk/image-map-pro-wordpress-lite.php#L410
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b58403df-af09-4d74-88e6-140e3f2f291b?source=cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b58403df-af09-4d74-88e6-140e3f2f291b?source=cve