Vulnerabilities > Mappresspro > Mappress Maps FOR Wordpress > 2.77.2

DATE CVE VULNERABILITY TITLE RISK
2024-01-30 CVE-2023-7225 Cross-site Scripting vulnerability in Mappresspro Mappress Maps for Wordpress
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping.
network
low complexity
mappresspro CWE-79
5.4
5.4
2023-11-03 CVE-2023-26015 SQL Injection vulnerability in Mappresspro Mappress Maps for Wordpress
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection.This issue affects MapPress Maps for WordPress: from n/a through 2.85.4.
network
low complexity
mappresspro CWE-89
critical
 9.8
9.8
2023-09-12 CVE-2023-4840 Unspecified vulnerability in Mappresspro Mappress Maps for Wordpress
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
mappresspro
5.4
5.4