Every CVE whose affected-product data names Mappresspro Mappress, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2020-12675 — CVSS 8.8 (high): The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions…
CVE-2020-12077 — CVSS 8.8 (high): The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or…
CVE-2022-0537 — CVSS 7.2 (high): The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS…
CVE-2023-26015 — CVSS 7.1 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for…
CVE-2025-2055 — CVSS 6.8 (medium): The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which…
CVE-2023-6524 — CVSS 6.4 (medium): The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all…
CVE-2023-4840 — CVSS 6.4 (medium): The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up…
CVE-2023-7225 — CVSS 6.4 (medium): The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in…
CVE-2024-10715 — CVSS 6.4 (medium): The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all…
CVE-2022-0208 — CVSS 6.1 (medium): The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad…
CVE-2024-8620 — CVSS 4.8 (medium): The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2025-2162 — CVSS 4.8 (medium): The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege…