wpexploit | Salvatore Bova | WPEX-ID: B6187EF8-70F4-4911-ABD7-42BF6B7E54B7
History: Jan 17, 2024 - 12:00 a.m.

MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS

2024-01-17 00:00:00
Salvatore Bova
Tags: mappress, wordpress, contributor, stored xss, dashboard, exploit

AI Score: 5.9 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.2%)

Description: The plugin does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing users with the Contributor role and above to perform Stored Cross-Site Scripting attacks.

As a contributor, create or edit a map with the payload below as its title and attach it to a post (this can be done from the post dashboard, in the Map column):

<script>alert(/XSS/)</script>

The XSS is triggered when anyone accesses the post dashboard (/wp-admin/edit.php?post_type=post).
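The root cause described above is unescaped output of user-controlled data into admin HTML. The following is an added illustration of the vulnerable pattern beside the escaped form; it is not MapPress's own code, and the column callback, meta key and title lookup helper are assumptions.

```php
<?php
// Added illustration, not MapPress code: a hypothetical custom column on the
// post list (wp-admin/edit.php) that prints a map title saved by a Contributor.
// The meta key and the helper that fetches the title are assumptions.

// Hypothetical lookup of the map title attached to a post (assumption).
function example_get_map_title_for_post( $post_id ) {
    return get_post_meta( $post_id, '_example_map_title', true );
}

// VULNERABLE pattern: raw echo of attacker-controlled data into admin markup.
// A stored <script> tag is rendered as HTML and runs for every viewer of the list.
function example_map_column_unsafe( $column, $post_id ) {
    if ( 'map' === $column ) {
        $title = example_get_map_title_for_post( $post_id );
        echo $title;
    }
}

// HARDENED pattern: escape at the point of output with WordPress esc_html(),
// so whatever was stored is rendered as literal text, never as markup.
function example_map_column_safe( $column, $post_id ) {
    if ( 'map' === $column ) {
        $title = example_get_map_title_for_post( $post_id );
        echo esc_html( $title );
    }
}

// Defence in depth: also sanitize on save. Output escaping remains the control
// that actually closes the issue, because stored data may come from other paths.
function example_sanitize_map_title( $raw_title ) {
    return sanitize_text_field( wp_unslash( $raw_title ) );
}

// manage_{$post_type}_posts_custom_column passes (column_name, post_id).
add_action( 'manage_post_posts_custom_column', 'example_map_column_safe', 10, 2 );
```

When reviewing a plugin for this class of bug, search for `echo` or `print` of post meta, options or request values in admin-side callbacks and confirm each passes through `esc_html()`, `esc_attr()` or an equivalent escaper appropriate to the output context.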

