CVE-2024-0421

MEDIUM

Mappresspro Mappress Maps For Wordpress < 2.88.16 - IDOR

Title source: rule

Description

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR: it does not ensure that a post retrieved via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.

References (1)

Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/

Scores

CVSS v3 5.3
EPSS 0.0040
EPSS Percentile 60.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-639
Status published
Products (1)
mappresspro/mappress_maps_for_wordpress < 2.88.16
Published Feb 12, 2024
Tracked Since Feb 18, 2026