CVE Catalog
CVE-2026-56011
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk0.24%
15th percentile — higher than 15% of all known CVEs
Summary
The vulnerability allows an unauthenticated attacker to execute XSS scripts in the MapPress Maps plugin for WordPress versions up to and including 2.97.3.
Risk Assessment
An attacker can inject malicious JavaScript code, leading to session theft, redirects, or website defacement without requiring authentication.
Recommendation
Immediately update the MapPress Maps plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.

