CVE-2025-2055: MapPress Maps for WordPress < 2.94.9 - Contributor+ Stored XSS
Description
The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
Classification
CVE ID: CVE-2025-2055
Problem Types
CWE-79 Cross-Site Scripting (XSS)Affected Products
Vendor: Unknown
Product: MapPress Maps for WordPress
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.01% (scored less or equal to compared to others)
EPSS Date: 2025-04-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-2055https://wpscan.com/vulnerability/a8bfdbbf-6963-4fab-826a-6be770ac72c3/