Cross-Site Scripting Vulnerability in ShMapper by Teplitsa
CVE-2025-24674

5.9 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 24 January 2025

Summary

The ShMapper plugin by Teplitsa contains a Cross-Site Scripting (XSS) vulnerability caused by improper input handling during web page generation. The flaw allows stored XSS attacks, potentially enabling attackers to inject malicious scripts that undermine user security and compromise sensitive data. Versions up to and including 1.5.0 are affected, and users need to give this immediate attention to safeguard their web applications.

Affected Version(s)

ShMapper by Teplitsa <= 1.5.0

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Khang Duong (Patchstack Alliance)