Vulnerabilities > Mappresspro > Mappress > 2.69
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-03 | CVE-2023-6524 | Cross-site Scripting vulnerability in Mappresspro Mappress The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. | 5.4 |
2022-04-04 | CVE-2022-0537 | Unrestricted Upload of File with Dangerous Type vulnerability in Mappresspro Mappress The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. | 7.2 |