CVE-2022-0208

CVE-2022-0208: MapPress Maps for WordPress < 2.73.4 - Reflected Cross-Site scripting

Vendor Unknown

Product MapPress Maps for WordPress

Weakness CWE-79 · XSS

Published February 14, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

February 14, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0208 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-49039 WordPress Link View plugin <= 0.8.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-8730 Exit Notifier <= 1.10.4 - Reflected Cross-Site Scripting CVE-2021-39357 Leaky Paywall <= 4.16.5 Authenticated Stored Cross-Site Scripting CVE-2026-0913 User Submitted Posts <= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode CVE-2017-16016