The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesting an SVG file.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00133}

epss

{'score': 0.00137}


Wed, 16 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Mapplic
Mapplic mapplic
Mapplic mapplic Lite
CPEs cpe:2.3:a:mapplic:mapplic:*:*:*:*:*:*:*:*
cpe:2.3:a:mapplic:mapplic_lite:*:*:*:*:*:*:*:*
Vendors & Products Mapplic
Mapplic mapplic
Mapplic mapplic Lite
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 16 Oct 2024 07:00:00 +0000

Type Values Removed Values Added
Description The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesting an SVG file.
Title Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2024-10-16T18:05:36.335Z

Reserved: 2024-10-15T17:59:31.519Z

Link: CVE-2012-10018

cve-icon Vulnrichment

Updated: 2024-10-16T17:57:04.096Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-16T07:15:03.920

Modified: 2024-10-16T16:38:14.557

Link: CVE-2012-10018

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.