8.3

CVE-2012-10018

Exploit

Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting

The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesting an SVG file.
Mögliche Gegenmaßnahme
Mapplic - Custom Interactive Map WordPress Plugin: Update to version 6.2, or a newer patched version
Mapplic Lite: Update to version 1.0.1, or a newer patched version
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Mapplic - Custom Interactive Map WordPress Plugin
Version [*, 6.2)
SystemWordPress Plugin
Produkt Mapplic Lite
Version [*, 1.0.1)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MapplicMapplic SwEditionlite SwPlatformwordpress Version <= 1.0
MapplicMapplic SwEdition- SwPlatformwordpress Version <= 6.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.38% 0.872
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@wordfence.com 8.3 3.9 3.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://packetstormsecurity.com/files/161919/
Third Party Advisory
Exploit
https://packetstormsecurity.com/files/161920/
Third Party Advisory
Exploit