CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
What the vulnerability does
The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple fields in versions up to, and including, 1.20.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Explanation of Vulnerability in Simple Terms
Mapster WP Maps versions 1.20.0 and earlier contain a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts. The vulnerability affects the site's scope, meaning injected code can impact other users and site functionality. Site administrators should update to a version newer than 1.20.0 to remediate this issue.
What an attacker can do
Inject malicious JavaScript that executes in other users' browsers and affects site functionality.
Potential impact on your site
Authenticated attackers can deface pages, steal session tokens, or redirect visitors to malicious sites.
Conditions required to exploit
Attacker must have a low-privilege user account (e.g., subscriber or contributor role).
Key dates
External resources
Related vulnerabilities
