CVE-2024-10715

Published Nov 6, 2024

Last updated 9 days ago

CVSS medium 5.4

Overview

Description
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Source
security@wordfence.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
5.4
Impact score
2.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security@wordfence.com
CWE-79

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10715 (Published: 2024-11-06) - A high-severity vulnerability in MapPress for WordPress affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For detailed changes, check the update log: https://t.co/LgwXLTjQcd… https

    @transilienceai

    9 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-10715 Stored XSS Vulnerability in MapPress Maps Plugin for WordPress The MapPress Maps for WordPress plugin has a Stored Cross-Site Scripting vulnerability. This affects all versions up to 2.94.1. The pr... https://t.co/Nx6VIWwWxo

    @VulmonFeeds

    6 Nov 2024

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-10715 The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.9… https://t.co/EMQtRkvrGx

    @CVEnew

    6 Nov 2024

    595 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References