Lucene search

K
cvelistWPScanCVELIST:CVE-2023-6732
HistoryJan 16, 2024 - 3:57 p.m.

CVE-2023-6732 Ultimate Maps by Supsystic < 1.2.16 - Admin+ Stored XSS

2024-01-1615:57:02
WPScan
www.cve.org
cve-2023-6732
admin
stored xss
wordpress
cross-site scripting

0.0004 Low

EPSS

Percentile

14.0%

The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Ultimate Maps by Supsystic",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.2.16"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

0.0004 Low

EPSS

Percentile

14.0%

Related for CVELIST:CVE-2023-6732