cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2012-10018,https://securityvulnerability.io/vulnerability/CVE-2012-10018,Mapplic and Mapplic Lite Plugins Vulnerable to Server-Side Request Forgery Attacks,"The Mapplic and Mapplic Lite plugins for WordPress exhibit a vulnerability that allows attackers to exploit Server-Side Request Forgery. This flaw occurs in versions up to and including 6.1 for Mapplic and up to version 1.0 for Mapplic Lite. By leveraging this vulnerability, an attacker can forge requests originating from a vulnerable site's server. If an SVG file is requested during this process, it may lead to Cross-Site Scripting (XSS) attacks. Users of these plugins are advised to update to the latest versions to mitigate potential threats.",Wordpress,"Mapplic Lite,Mapplic - Custom Interactive Map WordPress Plugin",8.3,HIGH,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-16T06:43:33.160Z,0
CVE-2024-9117,https://securityvulnerability.io/vulnerability/CVE-2024-9117,Stored Cross-Site Scripting (XSS) via SVG File Uploads Vulnerability in Mapplic Lite Plugin for WordPress,"The Mapplic Lite plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through improper handling of SVG file uploads. This weakness arises from inadequate input sanitization and output escaping methodologies present in all versions up to and including 1.0. Authenticated attackers with Author-level permissions can exploit this flaw, enabling them to inject unauthorized web scripts into pages. These scripts execute whenever a user accesses the compromised SVG file, potentially leading to unauthorized actions or data exposure.",Wordpress,Mapplic Lite,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-09-26T09:29:42.242Z,0