Vulnerabilities and security researches formapifylite mapifylite

Jun 07, 2024

CVE, Research URL: d7a357e358b4eb001b41f84d3531981914480734
Home page URL: Security reports for MapifyLite (by MapifyPro)
Application: MapifyLite (by MapifyPro)
Date: Mar 24, 2021
Research Description: MapifyLite (by MapifyPro) [mapifylite] <= 3.3.0 (unfixed) WordPress MapifyLife plugin <= 3.3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Eagle Eye in WordPress MapifyLife plugin (versions <= 3.3.0).
Affected versions: max 3.3.0.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: e5bfd53d-0d9a-42f2-8af8-5bb710bac828
Home page URL: Security reports for MapifyLite (by MapifyPro)
Application: MapifyLite (by MapifyPro)
Date: -
Research Description: MapifyLite (by MapifyPro) [mapifylite] < 4.0.0 MapifyLite & MapifyPro < 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS) The plugin does not sanitise the Image URL (either in the settings or in a location), allowing editor+ users to use a malicious payload, leading to Stored Cross-Site Scripting issues. Notes (WPScanTeam): - The vendor has been notified on March 24th, 2021 - April 3rd, 2021 - v4.0.0 released of MapifyLite and MapifyPro, fixing the issue
Affected versions: max 4.0.0.
Status: vulnerable

CVE, Research URL: 6be590d56cf666ad67a6e008b71242e607d966ea
Home page URL: Security reports for MapifyLite (by MapifyPro)
Application: MapifyLite (by MapifyPro)
Date: Mar 24, 2021
Research Description: MapifyLite (by MapifyPro) [mapifylite] < 4.0.0 MapifyLite and MapifyPro <= 3.3 - Authenticated Stored Cross-Site Scripting The MapifyLite and MapifyPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 4.0.0.
Status: vulnerable