cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10592,https://securityvulnerability.io/vulnerability/CVE-2024-10592,Stored Cross-Site Scripting Vulnerability in WP Maps Plugin,"The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Mapster WP Maps,6.4,MEDIUM,0.00044999999227002263,false,,false,false,true,true,false,false,2024-11-16T09:36:35.455Z,0
CVE-2024-9235,https://securityvulnerability.io/vulnerability/CVE-2024-9235,Attackers Can Modify Options and Gain Admin Access,"The Mapster WP Maps plugin for WordPress has a vulnerability that allows authenticated users, with contributor-level access or higher, to exploit insufficient capability checks in the mapster_wp_maps_set_option_from_js() function. This flaw enables these users to update arbitrary options on a WordPress site, including changing the default role for new user registrations to administrator. Such an exploit can allow adversaries to gain administrative privileges on compromised sites, posing a significant security risk to affected WordPress installations.",Wordpress,Mapster WP Maps,8.8,HIGH,0.000590000010561198,false,,false,false,false,,false,false,2024-10-25T06:51:25.526Z,0