4 matches found
π WordPress MapSVG Lite 8.5.34 Shell Upload
WordPress MapSVG Lite plugin versions 8.5.34 and below suffer from a remote shell upload vulnerability. π CVE-2025-32682 - Arbitrary File Upload in MapSVG Lite = 8.5.34 π Plugin Details - Name: MapSVG Lite - Affected Version: = 8.5.34 - Vulnerability Type: Arbitrary File Upload - CVE ID:...
CVE-2025-32682
creationtimestamp| type| source ---|---|--- 2025-04-17 16:48:47+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114354325188620003 2025-04-17 18:24:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmzq3cbjxi2l 2025-04-18 17:00:10+00:00| published-proof-of-concept...
CVE-2025-32682
The CVE-2025-32682 issue affects MapSVG Lite for WordPress (versions up to 8.5.34). The vulnerability stems from an unchecked SVG upload endpoint at /wp-json/mapsvg/v1/svgfile, where the code uploads files without validating type, extension, or contents, enabling an authenticated attacker (Subscr...
WordPress MapSVG Lite plugin <= 8.6.4 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by Anhchangmutrang in WordPress Plugin MapSVG versions = 8.6.4...