Skip to main content

Posts

Showing posts with the label Vulnerabilities in wordpress pligin

Wordpress plugin Vulnerabilities in MapPress Maps Plugin

The Wordfence Threat Intelligence Team discovered two vulnerabilities in  MapPress Maps for WordPress , a WordPress plugin with over 80,000 installations. One vulnerability that allowed stored Cross-Site Scripting (XSS) was present in both the free and pro versions of the plugin, while a far more critical vulnerability that allowed Remote Code Execution (RCE) was present in the pro version. A patched version of both MapPress Free and MapPress Pro were released within hours. We strongly recommend updating both the free and pro versions to the latest version, 2.54.2, as soon as possible. Description : Authenticated Map Creation/Deletion Leading to Stored Cross-Site Scripting (XSS) Affected Plugin :  MapPress Maps for WordPress Plugin Slug : mappress-google-maps-for-wordpress Affected Versions : <=2.53.8 Free and Pro CVE ID : CVE-2020-12077 CVSS Score : 6.5(Medium) CVSS Vector :  CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L Fully Patched Version : 2.53.9 MapPres...