cleantalk
Vulnerabilities and Security Researches

MapifyLite (by MapifyPro), e5bfd53d-0d9a-42f2-8af8-5bb710bac828

CVE, Research URL

e5bfd53d-0d9a-42f2-8af8-5bb710bac828

Home page URL

Security reports for MapifyLite (by MapifyPro)

Application

MapifyLite (by MapifyPro)

Published on
-
Research Description
MapifyLite (by MapifyPro) [mapifylite] < 4.0.0 MapifyLite &amp; MapifyPro &lt; 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS) The plugin does not sanitise the Image URL (either in the settings or in a location), allowing editor+ users to use a malicious payload, leading to Stored Cross-Site Scripting issues. Notes (WPScanTeam): - The vendor has been notified on March 24th, 2021 - April 3rd, 2021 - v4.0.0 released of MapifyLite and MapifyPro, fixing the issue
Affected versions
max 4.0.0.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
WP Docs (40e7e863cd583e8579c98f07aa06f53f17974621) , Jun 16, 2026
Attendance Manager (d61a53a5132d4f127db04c355b728189ae540eb5) , Jun 16, 2026
Slider Hero with Animation, Video Background (e03420c55099714ac90da016761d318e5e1cb6db) , Jun 16, 2026
Slider Hero with Animation, Video Background (ec2738226d537a4c17dbff19a2e826361834f640) , Jun 16, 2026
Slider Hero with Animation, Video Background (20851a18-8309-4405-b85c-acaa047effa7) , Jun 16, 2026