|Category:||Web application abuses|
|Title:||WordPress MapPress Plugin < 2.53.9 Multiple Vulnerabilities|
|Summary:||MapPress plugin for WordPress is prone to multiple vulnerabilities.|
A stored Cross-Site Scripting (XSS) vulnerability is present in both the free and pro versions of the plugin,
while a far more critical Remote Code Execution (RCE) vulnerability is present in the pro version.
The XSS vulnerability could be used to redirect a site visitor to a malicious site,
or even to use an administrator's session to take over the site by adding a malicious administrative user.
The RCE vulnerability would allow an authenticated attacker with minimal permissions to upload an executable
PHP file such as a backdoor or webshell. This could easily lead to complete site takeover, as an attacker
with backdoor access could then modify any file on the site, upload additional files, or connect to the
database and insert an administrative user.
Affected: WordPress MapPress plugin before version 2.53.9.
Solution: Update to version 2.53.9 or later.
Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-12077
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|