CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31271 – WordPress Ultimate Maps plugin <= 1.2.16 - Cross Site Request Forgery vulnerability
https://notcve.org/view.php?id=CVE-2024-31271
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic.This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Supsystic Ultimate Maps de Supsystic. Este problema afecta a Ultimate Maps de Supsystic: desde n/a hasta 1.2.16. The Ultimate Maps by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.16. This is due to missing or incorrect nonce vali... • https://patchstack.com/database/vulnerability/ultimate-maps-by-supsystic/wordpress-ultimate-maps-plugin-1-2-16-cross-site-request-forgery-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6732 – Ultimate Maps by Supsystic < 1.2.16 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-6732
12 Jan 2024 — The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed El complemento de WordPress Ultimate Maps by Supsystic anterior a 1.2.16 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como el administrador, realizar ataques de cross site scripting incluso cuando u... • https://wpscan.com/vulnerability/aaf91707-f03b-4f25-bca9-9fac4945002a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 6%CPEs: 1EXPL: 3CVE-2021-24274 – Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24274
19 Apr 2021 — The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue El plugin de WordPress Ultimate Maps by Supsystic versiones anteriores a 1.2.5, no saneaba el parámetro tab de su página options antes de generarlo en un atributo, conllevando a un problema de tipo Cross-Site Scripting reflejado WordPress Ultimate Maps plugin version 1.2.4 suffers from a cross site scriptin... • https://packetstorm.news/files/id/164316 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •