exploitDog

CVE-2025-2055

Опубликовано: 03 апр. 2025

Источник: nvd

CVSS3: 6.8

EPSS Низкий

Описание

The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

Ссылки

https://wpscan.com/vulnerability/a8bfdbbf-6963-4fab-826a-6be770ac72c3/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mappresspro:mappress:*:*:*:*:free:wordpress:*:*

Версия до 2.94.9 (исключая)

EPSS

Процентиль: 56%

0.00339

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-wh3v-xmpm-9x73

CVSS3: 6.8

github

10 месяцев назад

The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

EPSS

Процентиль: 56%

0.00339

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-79