CVE-2024-0421 - Authorization Bypass Through User-Controlled Key vulnerability in Mappresspro Mappress Maps for Wordpress

047910
CVSS 5.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: NONE
CWE-639

Summary

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR: it does not ensure that a post retrieved via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.

Vulnerable Configurations

Part: Application
Description: Mappresspro
Count: 163