Description
The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting
Affected products
- Unknown / MapPress Maps for WordPress2.73.4 – 2.73.4
Exploits & proofs of concept
- nucleiWordPress Plugin MapPress <2.73.4 - Cross-Site Scriptingby edoardottt