
Test ID: 1.3.6.1.4.1.25623.1.0.112735
Category: Web application abuses
Title: WordPress MapPress Plugin < 2.53.9 Multiple Vulnerabilities
Summary: MapPress plugin for WordPress is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
One vulnerability that allowed stored Cross-Site Scripting (XSS)
is present in both the free and pro versions of the plugin, while a far more critical vulnerability
that allowed Remote Code Execution (RCE) is present in the pro version.

Vulnerability Impact:
The XSS vulnerability could be used to redirect a site visitor to a malicious site,
or even to use an administrator's session to take over the site by adding a malicious administrative user.

The RCE vulnerability would allow an authenticated attacker with minimal permissions to upload an executable
PHP file such as a backdoor or webshell. This could easily lead to complete site takeover, as an attacker
with backdoor access could then modify any file on the site, upload additional files, or connect to the
database and insert an administrative user.

Affected Software/OS:
WordPress MapPress plugin before version 2.53.9.

Solution:
Update to version 2.53.9 or later.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-12077
Copyright: Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.