20 matches found
WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Stored Cross-Site Scripting via arbitrary URL injection in versions up to and including 6.1 and 1.0 respectively. Authenticated users with author-level permissions can inject arbitrary remote URLs for SVG map files. When a user...
CVE-2024-9117
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2012-10018
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including, 6.1 and 1.0 respectively. This makes it possible for attackers to forge requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesti...
CVE-2012-10018
The CVE-2012-10018 issue affects WordPress plugins Mapplic (up to 6.1) and Mapplic Lite (up to 1.0). The connected data confirms a Server-Side Request Forgery that can lead to Stored/XSS via SVG files. Nuclei details specify that an authenticated user with author-level permissions can inject remo...
CVE-2012-10018 Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scripting
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including, 6.1 and 1.0 respectively. This makes it possible for attackers to forge requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesti...
PT-2024-10550
Name of the Vulnerable Software and Affected Versions: Mapplic versions up to and including 6.1; Mapplic Lite version 1.0. Description: The issue allows attackers to forge requests coming from a vulnerable site's server, potentially leading to an XSS attack if an SVG file is requested. This is made...
WordPress plugin Mapplic and Mapplic Lite code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress Mapplic Lite plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Mapplic Lite versions <= 1.0...
CVE-2024-9117
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2024-9117
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2024-9117 Mapplic Lite <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2024-9117 Mapplic Lite <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2024-9117
CVE-2024-9117 : The Mapplic Lite WordPress plugin (versions ≤ 1.0) is vulnerable to stored XSS via SVG file uploads due to insufficient input sanitization and output escaping. Exploitation requires authentication at Author level or higher, and scripts execute when a user views the SVG. Public pat...
WordPress Mapplic Lite Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Mapplic Lite | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-9117 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: 6ba2faa9c38e | Credits: Francesco Carlucci | Required...
WordPress plugin Mapplic Lite cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-39444 · WordPress · Mapplic Lite
Name of the Vulnerable Software and Affected Versions: Mapplic Lite plugin for WordPress version 1.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers wi...
Mapplic and Mapplic Lite - SSRF to Stored Cross-Site Scripting (XSS)
The Mapplic Lite = 1.0 and Mapplic = 6.2 plugins are affected by server-side request forgery issues, allowing low privilege users author+ to use an arbitrary remote map file, such as an SVG which could lead to Stored Cross-Site Scripting issues. PoC 1.Login as user author+ 2.Add Add/Edit Map -...
WordPress Mapplic-Lite 1.0 SSRF / Cross Site Scripting
Title : Mapplic-Lite Wordpress Plugins Stored XSS Injection via SSRF Date : 22/03/2021 Author : Eagle Eye Download : https://wordpress.org/plugins/mapplic-lite/ Vendor Homepage : https://mapplic.com/ Version Affected : Version 1.0 Tested on : Google Chrome XSS Vuln from add/edit Map and bypass wi...
WordPress Mapplic-Lite 1.0 SSRF / Cross Site Scripting Vulnerability
Title : Mapplic-Lite Wordpress Plugins Stored XSS Injection via SSRF Author : Eagle Eye Download : https://wordpress.org/plugins/mapplic-lite/ Vendor Homepage : https://mapplic.com/ Version Affected : Version 1.0 Tested on : Google Chrome XSS Vuln from add/edit Map and bypass with host...
WordPress Mapplic Lite plugin <= 1.0 - Stored Cross-Site Scripting (XSS) Injection via Server-Side Request Forgery (SSRF) vulnerability
Stored Cross-Site Scripting (XSS) Injection via Server-Side Request Forgery (SSRF) vulnerability discovered by Eagle Eye in WordPress Mapplic Lite plugin versions <= 1.0. Solution: Update the WordPress Mapplic Lite plugin to the latest available version (at least 1.0.1)...