MapPress Maps for WordPress <= 2.53.8 is vulnerable to Auth. File Upload, Deletion, and Disclosure Leading to RCE or Site Reset

Subscriber

Published
2020-04-22

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.

CVE

https://www.cve.org/CVERecord?id=CVE-2020-12077

CVSS

Score:9.9

Severity:Critical

Version: 2.53.8

There is a patch available in v2.53.9 and we strongly recommend you update to this version as soon as possible.