Unauthenticated Cross-Site Scripting in MapPress Maps for WordPress
CVE-2026-56011

7.1HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
26 June 2026

What is CVE-2026-56011?

An Unauthenticated Cross-Site Scripting (XSS) vulnerability exists in the MapPress Maps plugin for WordPress. This security flaw affects versions up to 2.97.3, enabling malicious users to inject arbitrary web scripts into pages viewed by other users. This can lead to unauthorized actions and data exposure, highlighting the importance of updating to secure versions to protect against potential exploitation.

Affected Version(s)

MapPress Maps for WordPress <= 2.97.3

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

l3m3s | Patchstack Bug Bounty Program
.