Vulnerabilities and security research for mapster-wp-maps
Jun 07, 2024
Mapster WP Maps # 19e7ea1e09f3af5b92d8a112012b7c6a59ada0d1
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 18, 2023
- Research Description
- Mapster WP Maps [mapster-wp-maps] < 1.2.36. WordPress Mapster WP Maps Plugin < 1.2.36 is vulnerable to Cross Site Scripting (XSS). Update the plugin to the latest version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Mapster WP Maps Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.2.36.
- Affected versions
- Min -, max -.
- Status
- vulnerable
Mapster WP Maps # CVE-2024-21744
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 08, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapster Technology Inc. Mapster WP Maps allows Stored XSS. This issue affects Mapster WP Maps: from n/a through 1.2.38.
- Affected versions
- Min -, max -.
- Status
- vulnerable
Oct 26, 2024
Mapster WP Maps # CVE-2024-9235
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 25, 2024
- Research Description
- The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapster_wp_maps_set_option_from_js() function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with contributor-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
- Affected versions
- Min -, max -.
- Status
- vulnerable
Nov 17, 2024
Mapster WP Maps # CVE-2024-10592
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 16, 2024
- Research Description
- The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
- Min -, max -.
- Status
- vulnerable