26 matches found
WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Stored Cross-Site Scripting via arbitrary URL injection in versions up to and including 6.1 and 1.0 respectively. Authenticated users with author-level permissions can inject arbitrary remote URLs for SVG map files. When a user...
EUVD-2012-6564
Malware in sbrugna...
CVE-2024-9117
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2012-10018
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to and including 6.1 and 1.0, respectively. This makes it possible for attackers to forge requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesti...
CVE-2012-10018
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to and including 6.1 and 1.0, respectively. This makes it possible for attackers to forge requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesti...
CVE-2012-10018 Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scripting
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to and including 6.1 and 1.0, respectively. This makes it possible for attackers to forge requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesti...
CVE-2012-10018
The CVE-2012-10018 issue affects WordPress plugins Mapplic (up to 6.1) and Mapplic Lite (up to 1.0). The connected data confirms a Server-Side Request Forgery that can lead to Stored/XSS via SVG files. Nuclei details specify that an authenticated user with author-level permissions can inject remo...
WordPress plugin Mapplic and Mapplic Lite code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2024-10550
Name of the Vulnerable Software and Affected Versions: Mapplic versions up to and including 6.1; Mapplic Lite version 1.0. Description: The issue allows attackers to forge requests coming from a vulnerable site's server, potentially leading to an XSS attack if an SVG file is requested. This is made...
VulnCheck KEV: CVE-2012-10018
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to and including 6.1 and 1.0, respectively. This makes it possible for attackers to forge requests coming from a vulnerable site's server and ultimately perform an XSS attack if...
WordPress Mapplic Lite plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Mapplic Lite versions <= 1.0...
CVE-2024-9117
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2024-9117
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2024-9117 Mapplic Lite <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2024-9117 Mapplic Lite <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2024-9117
CVE-2024-9117: The Mapplic Lite WordPress plugin (versions ≤ 1.0) is vulnerable to stored XSS via SVG file uploads due to insufficient input sanitization and output escaping. Exploitation requires authentication at Author level or higher, and scripts execute when a user views the SVG. Public pat...
WordPress plugin Mapplic Lite cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Mapplic Lite Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Mapplic Lite; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9117; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 6ba2faa9c38e; Credits: Francesco Carlucci; Required...
PT-2024-39444 · WordPress · Mapplic Lite
Name of the Vulnerable Software and Affected Versions: Mapplic Lite plugin for WordPress version 1.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers wi...
WordPress Mapplic 6.1 SSRF / Cross Site Scripting Vulnerability
Title: Mapplic WordPress Plugins Stored XSS Injection via SSRF; Author: Eagle Eye; Vendor Homepage: https://mapplic.com/; Version Affected: 6.1 and below; Tested on: Google Chrome. XSS Vuln from add/edit Map and bypass with host raw.githubusercontent.com. 1. Login as user 2. Add Add/Edit Map - From...