WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability
Title source: cnaExploitation Summary
CVE-2026-56011 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including rootdirective-sec.
AI-analyzed exploit summary This repository provides a detailed technical analysis and Docker-based lab for CVE-2026-56011, an unauthenticated XSS vulnerability in MapPress Maps for WordPress. It includes a comparison between vulnerable (2.97.3) and patched (2.97.4) versions, demonstrating the root cause and fix.
Description
Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
Exploits (1)
This repository provides a detailed technical analysis and Docker-based lab for CVE-2026-56011, an unauthenticated XSS vulnerability in MapPress Maps for WordPress. It includes a comparison between vulnerable (2.97.3) and patched (2.97.4) versions, demonstrating the root cause and fix.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L