Vulnerabilities (CVE)

Filtered by vendor Mappresspro Subscribe

Filtered by product Mappress

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-12675	1 Mappresspro	1 Mappress	2020-05-29	6.5 MEDIUM	8.8 HIGH
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077.
CVE-2020-12077	1 Mappresspro	1 Mappress	2020-04-28	6.5 MEDIUM	8.8 HIGH
The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.