CVE-2024-0421

State: PUBLISHED · Published: 2024-02-12 · Updated: 2025-05-07 · Assigner: WPScan

Description

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.

CWE

(none)

Affected

Unknown / MapPress Maps for WordPress — v=0 <2.88.16 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/ exploit, vdb-entry, technical-description

Source

cvelistV5-main/cves/2024/0xxx/CVE-2024-0421.json