WordPress Plugin Vulnerabilities

Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite < 1.0.0 - Subscriber+ Stored XSS

Description

The plugin does not sanitize and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks.

Affects Plugins

Plugin icon
image-map-pro-lite
No known fix

References

CVE
CVE-2023-3412

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.4 (medium)

Miscellaneous

Verified
No
WPVDB ID
cf2a5d94-d2dd-4a5a-9ed3-bfbc37b39384

Timeline

Publicly Published
2023-06-26 (about 2 years ago)
Added
2023-06-27 (about 2 years ago)
Last Updated
2023-06-27 (about 2 years ago)

Other

Published
Title
Published
2025-03-24
Title
Digital License Manager < 1.7.4 - Reflected Cross-Site Scripting via remove_query_arg Function
Published
2023-05-22
Title
Duplicator Pro < 4.5.11.1 - Unauthenticated Reflected XSS
Published
2014-08-01
Title
SocialGrid 2.3 - inline-admin.js.php default_services Parameter XSS
Published
2024-04-19
Title
reCAPTCHA Jetpack <= 0.2.2 - Stored XSS via CSRF
Published
2022-03-11
Title
WordPress (5.9-5.9.1) / Gutenberg (9.8.0-12.7.1) - Contributor+ Stored Cross-Site Scripting