WordPress Plugin Vulnerabilities

Image Map Pro < 5.6.9 - Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.

Affects Plugins

Plugin icon
image-map-pro
Fixed in 5.6.9

References

CVE
CVE-2022-45850

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.0 (high)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
d981a683-0007-4fc6-a809-5887c80c9576

Timeline

Publicly Published
2022-11-23 (about 3 years ago)
Added
2023-05-10 (about 3 years ago)
Last Updated
2023-05-10 (about 3 years ago)

Other

Published
Title
Published
2025-03-24
Title
My Bootstrap Menu <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-02-20
Title
YARPP < 5.30.10 - Admin+ Stored XSS
Published
2015-02-22
Title
Acobot Live Chat & Contact Form <= 2.0 - CSRF/XSS
Published
2024-11-22
Title
HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents < 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-12-04
Title
Dashboard Widgets Suite < 3.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting