CVE-2025-2055

CVE-2025-2055: MapPress Maps for WordPress < 2.94.9 - Contributor+ Stored XSS

Vendor Unknown
Product MapPress Maps for WordPress
Published April 3, 2025
Last update April 3, 2025

CVSS base score

What the vulnerability does

01Description

The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

Key dates

02Disclosure timeline

April 3, 2025 CVE published
April 3, 2025 Record updated