2 matches found
WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Stored Cross-Site Scripting via arbitrary URL injection in versions up to and including 6.1 and 1.0 respectively. Authenticated users with author-level permissions can inject arbitrary remote URLs for SVG map files. When a user...
PT-2024-10550
Name of the Vulnerable Software and Affected Versions:
Mapplic versions up to and including 6.1
Mapplic Lite version 1.0
Description:
The issue allows attackers to forge requests coming from a vulnerable site's server, potentially leading to an XSS attack if an SVG file is requested. This is made...