Vulnerabilities > Mappresspro > Mappress > 2.50.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-03 | CVE-2023-6524 | Cross-site Scripting vulnerability in Mappresspro Mappress The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. | 5.4 |
2022-04-04 | CVE-2022-0537 | Unrestricted Upload of File with Dangerous Type vulnerability in Mappresspro Mappress The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. | 7.2 |
2020-05-29 | CVE-2020-12675 | Unrestricted Upload of File with Dangerous Type vulnerability in Mappresspro Mappress The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. | 8.8 |
2020-04-23 | CVE-2020-12077 | Unrestricted Upload of File with Dangerous Type vulnerability in Mappresspro Mappress The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution. | 8.8 |