CVE-2022-0208

MEDIUM NUCLEI

MapPress Maps for WordPress < 2.73.4 - Reflected Cross-Site Scripting via mapid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-0208 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting

Nuclei Templates (1)

WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting
MEDIUMby edoardottt

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/59a2abd0-4aee-47aa-ad3a-865f624fa0fc

Scores

CVSS v3 6.1
EPSS 0.0202
EPSS Percentile 78.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
mappresspro/mappress < 2.73.4
Published Feb 14, 2022
Tracked Since Feb 18, 2026