The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajax_store_save() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify plugin settings and inject malicious web scripts.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Webcraftplugins |
|
No data.
References
History
Wed, 05 Feb 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 14 Jan 2025 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Webcraftplugins
Webcraftplugins image Map Pro |
|
| CPEs | cpe:2.3:a:webcraftplugins:image_map_pro:*:*:*:*:lite:wordpress:*:* | |
| Vendors & Products |
Imagemappro
Imagemappro image Map Pro |
Webcraftplugins
Webcraftplugins image Map Pro |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2025-02-05T19:42:07.336Z
Reserved: 2023-06-26T14:58:32.904Z
Link: CVE-2023-3412
Vulnrichment
Updated: 2024-08-02T06:55:03.314Z
NVD
Status : Modified
Published: 2023-06-27T04:15:10.447
Modified: 2025-01-13T18:27:44.140
Link: CVE-2023-3412
Redhat
No data.