Vulnerability Description
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesting an SVG file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mapplic | Mapplic | <= 1.0 |
Related Weaknesses (CWE)
References
- https://packetstormsecurity.com/files/161919/ExploitThird Party Advisory
- https://packetstormsecurity.com/files/161920/ExploitThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2503447Patch
- https://www.mapplic.com/docs/#changelogRelease Notes
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5aacabb5-94af-485a-af2Third Party Advisory
FAQ
What is CVE-2012-10018?
CVE-2012-10018 is a vulnerability with a CVSS score of 8.3 (HIGH). The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery...
How severe is CVE-2012-10018?
CVE-2012-10018 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-10018?
Check the references section above for vendor advisories and patch information. Affected products include: Mapplic Mapplic.