CVE-2022-0208

State: PUBLISHED · Published: 2022-02-14 · Updated: 2024-08-02 · Assigner: WPScan

Description

The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting

CWE

CWE-79 — CWE-79 Cross-site Scripting (XSS)

Affected

Unknown / MapPress Maps for WordPress — v=2.73.4 <2.73.4 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/59a2abd0-4aee-47aa-ad3a-865f624fa0fc x_refsource_MISC

Source

cvelistV5-main/cves/2022/0xxx/CVE-2022-0208.json