WordPress Plugin Vulnerabilities

MapPress Maps < 2.54.6 - Improper Capability Checks in AJAX Calls

Description

Due to incomplete fixes for CVE-2020-12077, an attacker with subscriber privileges may be able to download, delete and upload arbitrary PHP files, which could result in remote command execution.

Affects Plugins

Plugin icon
mappress-google-maps-for-wordpress
Fixed in 2.54.6

References

CVE
CVE-2020-12675
URL
https://blog.alertlogic.com/alert-logic-threat-research-team-identifies-new-vulnerability-cve-2020-12675-in-mappress-plugin-for-wordpress/

Miscellaneous

Original Researcher
Alert Logic
Verified
No
WPVDB ID
f89ccc84-cfca-477e-80ee-5e22d4141df0

Timeline

Publicly Published
2020-05-28 (about 5 years ago)
Added
2020-05-30 (about 5 years ago)
Last Updated
2020-05-31 (about 5 years ago)

Other

Published
Title
Published
2015-07-11
Title
CP Contact Form with Paypal <= 1.1.5 - Multiple Vulnerabilities
Published
2015-08-20
Title
Tribulant Slideshow Gallery < 1.5.3.4 - Arbitrary file upload & Cross-Site Scripting (XSS)
Published
2019-02-13
Title
Online Accessibility <= 2.0.10 - CSRF and lack of Authorisation in AJAX methods
Published
2012-03-21
Title
Video Embed Thumbnail Generator < 2.0 - FPD & RCE
Published
2014-09-17
Title
Google Maps Ready! 1.1.5 - CSRF & XSS