3 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic.This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Supsystic Ultimate Maps de Supsystic. Este problema afecta a Ultimate Maps de Supsystic: desde n/a hasta 1.2.16. The Ultimate Maps by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.16. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/ultimate-maps-by-supsystic/wordpress-ultimate-maps-plugin-1-2-16-cross-site-request-forgery-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed El complemento de WordPress Ultimate Maps by Supsystic anterior a 1.2.16 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como el administrador, realizar ataques de cross site scripting incluso cuando unfiltered_html no está permitido. The Ultimate Maps by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://wpscan.com/vulnerability/aaf91707-f03b-4f25-bca9-9fac4945002a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue El plugin de WordPress Ultimate Maps by Supsystic versiones anteriores a 1.2.5, no saneaba el parámetro tab de su página options antes de generarlo en un atributo, conllevando a un problema de tipo Cross-Site Scripting reflejado WordPress Ultimate Maps plugin version 1.2.4 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/50345 http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •