CVE Catalog

CVE-2026-56011

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

The vulnerability allows an unauthenticated attacker to execute XSS scripts in the MapPress Maps plugin for WordPress versions up to and including 2.97.3.

Risk Assessment

An attacker can inject malicious JavaScript code, leading to session theft, redirects, or website defacement without requiring authentication.

Recommendation

Immediately update the MapPress Maps plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS