Mappresspro Mappress
12 CVEs affecting Mappresspro Mappress. Latest disclosed: 2025-05-15. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-12675 | High | 8.8 | 2020-05-29 | The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation… |
CVE-2020-12077 | High | 8.8 | 2020-04-23 | The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leadi… |
CVE-2022-0537 | High | 7.2 | 2022-04-04 | The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload… |
CVE-2023-26015 | High | 7.1 | 2023-11-03 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-goo… |
CVE-2025-2055 | Medium | 6.8 | 2025-04-03 | The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with… |
CVE-2024-10715 | Medium | 6.4 | 2024-11-06 | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and includi… |
CVE-2023-7225 | Medium | 6.4 | 2024-01-30 | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, an… |
CVE-2023-6524 | Medium | 6.4 | 2024-01-03 | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and includi… |
CVE-2023-4840 | Medium | 6.4 | 2023-09-12 | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2… |
CVE-2022-0208 | Medium | 6.1 | 2022-02-14 | The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error messag… |
CVE-2024-8620 | Medium | 4.8 | 2025-05-15 | The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to p… |
CVE-2025-2162 | Medium | 4.8 | 2025-04-18 | The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin t… |