CVE-2022-0537

7.2 HIGH

📋 TL;DR

This vulnerability in the MapPress Maps for WordPress plugin allows authenticated administrators to bypass WordPress security settings and upload arbitrary PHP files, leading to remote code execution. It affects WordPress sites running MapPress versions before 2.73.13 where an administrator account is compromised or malicious.

💻 Affected Systems

Products:
  • MapPress Maps for WordPress
Versions: All versions before 2.73.13
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress administrator privileges to exploit. DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings are bypassed.

⚠️ Risk & Real-World Impact

🔴 Worst Case
Complete server compromise through web shell upload, allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems.

🟠 Likely Case
Unauthorized file upload leading to web shell installation, data exfiltration, or site defacement by attackers with admin access.

🟢 If Mitigated
Limited impact if proper access controls, file integrity monitoring, and least privilege principles are enforced.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials. Public exploit code is available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.73.13

Vendor Advisory: https://wpscan.com/vulnerability/abfbba70-5158-4990-98e5-f302361db367

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find MapPress Maps for WordPress.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.73.13+ from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable vulnerable plugin
Applies to: all
Temporarily disable the MapPress plugin until patched:
wp plugin deactivate mappress-google-maps-for-wordpress

Restrict admin access
Applies to: all
Implement additional authentication controls for admin accounts.

🧯 If You Can't Patch

  • Remove admin access from untrusted users and implement multi-factor authentication
  • Implement file integrity monitoring on WordPress upload directories and alert on new PHP files

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > MapPress version. If version is below 2.73.13, you are vulnerable.

Check Version:

wp plugin get mappress-google-maps-for-wordpress --field=version

Verify Fix Applied:

Confirm MapPress version is 2.73.13 or higher in WordPress admin panel.
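As an added example (not part of the original advisory), the following Python script automates the version check above. It runs the WP-CLI command from the "Check Version" step (WP-CLI is assumed to be installed and invoked from the WordPress root) and compares the result against 2.73.13 numerically, component by component, rather than as a string, since a plain string comparison would wrongly rank 2.73.9 above 2.73.13. The plugin slug and patched version come from this page; everything else is assumed.

```python
import re
import subprocess

PATCHED_VERSION = "2.73.13"   # first fixed release per the advisory
PLUGIN_SLUG = "mappress-google-maps-for-wordpress"  # slug used in the wp-cli commands above


def parse_version(version):
    """Turn '2.73.13' into (2, 73, 13) so components compare numerically.
    Anything after the leading dotted numbers (e.g. '-beta1') is ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(installed, patched=PATCHED_VERSION):
    """True when the installed MapPress version predates the fixed release.
    Tuple comparison handles short versions too: (2, 73) < (2, 73, 13)."""
    return parse_version(installed) < parse_version(patched)


def installed_version(wp="wp"):
    """Ask WP-CLI (assumed available on PATH) for the plugin version.
    Returns None if the plugin is absent or wp-cli cannot be run."""
    try:
        out = subprocess.run(
            [wp, "plugin", "get", PLUGIN_SLUG, "--field=version"],
            capture_output=True, text=True, check=True, timeout=30,
        )
    except (OSError, subprocess.CalledProcessError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    v = installed_version()
    if v is None:
        print("MapPress not installed or wp-cli unavailable")
    elif is_vulnerable(v):
        print(f"MapPress {v}: VULNERABLE, update to {PATCHED_VERSION} or later")
    else:
        print(f"MapPress {v}: patched")
```

Run it from the WordPress root on each site you manage; an exit with "patched" is the positive confirmation for the "Verify Fix Applied" step.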

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=mappress_ajax_save
  • Unauthorized file creation in wp-content/themes/* directories with .php extension
  • Admin user performing unusual file upload activities

Network Indicators:

  • HTTP requests with 'action' parameter set to 'mappress_ajax_save'
  • Unexpected file uploads to WordPress admin endpoints

SIEM Query:

source="web_logs" AND uri_path="/wp-admin/admin-ajax.php" AND query_string="*action=mappress_ajax_save*"
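As an added example (not part of the original advisory), the following Python script applies the log indicators above to a few constructed access-log lines and, for the file integrity bullet under "If You Can't Patch", compares a baseline inventory of .php files under wp-content/themes against the current tree. The sample log lines, the IP addresses and the file name mp-cache.php are constructed for the demonstration; the log format assumed is the standard combined format, and the theme directory layout is built in a temporary folder rather than read from a real site.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined access-log format (not real traffic).
# Lines 1-2 should trigger findings; line 3 is benign; line 4 shows the
# blind spot where 'action' travels in the POST body and never reaches the log.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Feb/2022:14:02:11 +0000] "POST /wp-admin/admin-ajax.php?action=mappress_ajax_save HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Feb/2022:14:02:12 +0000] "GET /wp-content/themes/twentytwentyone/mp-cache.php HTTP/1.1" 200 89 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2022:14:05:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2022:14:06:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one combined-format line into a dict; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)
    return rec


def is_mappress_save(rec):
    """Log indicator 1: admin-ajax call with action=mappress_ajax_save."""
    return (rec["path"] == "/wp-admin/admin-ajax.php"
            and "mappress_ajax_save" in rec["query"].get("action", []))


def is_theme_php_request(rec):
    """Log indicator 2 (as seen from the web log): a .php file served from
    the themes tree, where the plugin should never need to write one."""
    return rec["path"].startswith("/wp-content/themes/") and rec["path"].endswith(".php")


def scan_log(text):
    """Return (ip, reason, target) findings for every matching line."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_mappress_save(rec):
            findings.append((rec["ip"], "mappress_ajax_save call", rec["target"]))
        if is_theme_php_request(rec):
            findings.append((rec["ip"], "php file requested under themes dir", rec["target"]))
    return findings


def php_files_under(root):
    """Inventory of .php files (relative, POSIX-style paths) below root."""
    root = Path(root)
    return {p.relative_to(root).as_posix() for p in root.rglob("*.php") if p.is_file()}


def new_php_files(root, baseline):
    """File integrity check: .php files present now that were not in the baseline."""
    return sorted(php_files_under(root) - baseline)


def demo_fim():
    """Self-contained run of the integrity check on a constructed theme tree."""
    with tempfile.TemporaryDirectory() as tmp:
        themes = Path(tmp) / "wp-content" / "themes"
        (themes / "twentytwentyone").mkdir(parents=True)
        (themes / "twentytwentyone" / "functions.php").write_text("<?php // legitimate theme file\n")
        baseline = php_files_under(themes)   # snapshot taken on a known-clean install
        (themes / "twentytwentyone" / "mp-cache.php").write_text("<?php // unexpected new file\n")
        return new_php_files(themes, baseline)


if __name__ == "__main__":
    for ip, reason, target in scan_log(SAMPLE_LOG):
        print(f"{ip}\t{reason}\t{target}")
    print("new php files:", demo_fim())
```

The fourth sample line is the important caveat: when the action parameter is sent in the POST body instead of the query string, neither a standard access log nor the SIEM query above (which matches on query_string) will see it. Covering that case needs request-body visibility, for example a WAF rule or application-level logging of the admin-ajax action, which is why the file integrity check on the themes tree is worth running alongside the log rule.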
