Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total7
Critical0
High1
Medium6
Reset
Showing 1-7 of 7 records
Threat Entry Updated 2025-06-04

CVE-2024-8620 - Mappress Maps For Plugin

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Mappress Maps For

CVE-2024-8620

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-05-28

CVE-2025-2162 - Mappress Maps For Plugin

The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Mappress Maps For

CVE-2025-2162

MEDIUM CVSS 4.8 2025-04-18
Open Full Technical Breakdown
Threat Entry Updated 2025-04-29

CVE-2025-2055 - Mappress Maps For Plugin

The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

PLUGIN Mappress Maps For

CVE-2025-2055

MEDIUM CVSS 6.8 2025-04-03
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-0420 - Mappress Maps For Plugin

The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks

PLUGIN Mappress Maps For

CVE-2024-0420

MEDIUM CVSS 5.4 2024-02-12
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-0421 - Mappress Maps For Plugin

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.

PLUGIN Mappress Maps For

CVE-2024-0421

MEDIUM CVSS 5.3 2024-02-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-0537 - Mappress Maps For Plugin

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write…

PLUGIN Mappress Maps For

CVE-2022-0537

HIGH CVSS 7.2 2022-04-04
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-0208 - Mappress Maps For Plugin

The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting

PLUGIN Mappress Maps For

CVE-2022-0208

MEDIUM CVSS 6.1 2022-02-14
Open Full Technical Breakdown
Scroll to top