MapPress Maps < 2.54.6 - Improper Capability Checks in AJAX Calls



Description
Due to incomplete fixes for CVE-2020-12077, an attacker with subscriber privileges may be able to download, delete and upload arbitrary PHP files, which could result in remote command execution.

Affects Plugin

Fixed in version 2.54.6

References

CVE 2020-12675
URL https://blog.alertlogic.com/alert-logic-threat-research-team-identifies-new-vulnerability-cve-2020-12675-in-mappress-plugin-for-wordpress/

Classification

Type MULTI

Miscellaneous

Original Researcher Alert Logic
Views 1069
Verified No
WPVDB ID 10246

Timeline

Publicly Published 2020-05-28
Added 2020-05-30
Last Updated 2020-05-31
