
Test ID:1.3.6.1.4.1.25623.1.0.112735
Category:Web application abuses
Title:WordPress MapPress Plugin < 2.53.9 Multiple Vulnerabilities
Summary:The WordPress plugin 'MapPress' is prone to multiple vulnerabilities.
Description:
Summary:
The WordPress plugin 'MapPress' is prone to multiple
vulnerabilities.

Vulnerability Insight:
One vulnerability that allowed stored cross-site scripting
(XSS) is present in both the free and pro versions of the plugin, while a far more critical
vulnerability that allowed remote code execution (RCE) is present in the pro version.

Vulnerability Impact:
The XSS vulnerability could redirect a site visitor to a
malicious site, or even use an administrator's session to take over the site by adding a
malicious administrative user.

The RCE vulnerability would allow an authenticated attacker with minimal permissions to upload an
executable PHP file such as a backdoor or webshell. This could easily lead to complete site
takeover, as an attacker with backdoor access could then modify any file on the site, upload
additional files, or connect to the database and insert an administrative user.

Affected Software/OS:
WordPress MapPress plugin before version 2.53.9.

Solution:
Update to version 2.53.9 or later.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-12077
https://wordpress.org/plugins/mappress-google-maps-for-wordpress/#developers
https://www.wordfence.com/blog/2020/04/critical-vulnerabilities-patched-in-mappress-maps-plugin/
Copyright (C) 2020 Greenbone Networks GmbH
