Cheat sheets

CVE-2020-12077: WordPress plugin vulnerability

Share this with people that should know this:

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.

References

  • wordpress.org/plugins/mappress-google-maps-for-wordpress/#developers
  • www.wordfence.com/blog/2020/04/critical-vulnerabilities-patched-in-mappress-maps-plugin/
  • Share this with people that should know this: