Themify Maps Pro – Stored cross-site script vulnerability

View all our privacy and data protection solutions >

Daniel Compton of BSI Cybersecurity and Information Resilience (formerly Info-Assure Ltd) discovered a high risk security vulnerability within the Maps Pro WordPress plugin.

As part of our responsible disclosure program, we will not release any information until the vendor has patched the vulnerability. Once the vulnerability has been patched we will not disclose the exact details or exploitation methods for the vulnerability for 3 months. This gives all users of the product sufficient time to ensure they have updated their products and are protected against the issue.

Vulnerability type: Stored cross-site scripting

Vendor: Themify.me

Vulnerable product version: Maps Pro 1.0.0

Fixed product version: Maps Pro 1.0.1

Vendor Patch Release: http://themify.me/changelogs/builder-maps-pro.txt

Discovered: 12/01/2015

Reported: 12/01/2015

Vendor fixed: 12/01/2015

Partial disclosure: 14/01/2015

Full disclosure: tba.

Asia Pacific

Europe

Americas

Middle East and Africa

Can't find an office location?

Popular

Access and buy standards

About standards

Working with standards

Standards and information

Auditing, certification and training

Consulting practices

Industry reports, research and news

Blogs

Themify Maps Pro – Stored cross-site script vulnerability