Description
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to and including 6.1 and 1.0, respectively. This makes it possible for attackers to forge requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesting an SVG file.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Patch
- Release Notes
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 1.0; versions up to and including 6.1
One of:
cpe:2.3:a:mapplic:mapplic:*:*:*:*:lite:wordpress:*:*
cpe:2.3:a:mapplic:mapplic:*:*:*:*:-:wordpress:*:*
EPSS
Percentile: 85%
0.02517
Low
8.3 High
CVSS3
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 8.3
github
more than 1 year ago
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to and including 6.1 and 1.0, respectively. This makes it possible for attackers to forge requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesting an SVG file.