The Wordfence Threat Intelligence Team discovered two vulnerabilities in MapPress Maps for WordPress , a WordPress plugin with over 80,000 installations. One vulnerability that allowed stored Cross-Site Scripting (XSS) was present in both the free and pro versions of the plugin, while a far more critical vulnerability that allowed Remote Code Execution (RCE) was present in the pro version. A patched version of both MapPress Free and MapPress Pro were released within hours. We strongly recommend updating both the free and pro versions to the latest version, 2.54.2, as soon as possible. Description : Authenticated Map Creation/Deletion Leading to Stored Cross-Site Scripting (XSS) Affected Plugin : MapPress Maps for WordPress Plugin Slug : mappress-google-maps-for-wordpress Affected Versions : <=2.53.8 Free and Pro CVE ID : CVE-2020-12077 CVSS Score : 6.5(Medium) CVSS Vector : CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L Fully Patched Version : 2.53.9 MapPres...
With over 15 years as a full-stack developer, I excel in PHP, Java, and Bootstrap, serving 5000+ clients on Fiverr and Upwork. I've developed 6000+ websites, CRMs, and plugins, specializing in WordPress and OpenCart. My focus includes user-centric design, SEO, transparent pricing, and meeting deadlines. I also offer technical consulting, hosting advice, and troubleshooting. Check my Fiverr profile at fiverr.com/lalityadavswd1, or contact me on Skype: lalit.yadavswd.