CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6732 – Ultimate Maps by Supsystic < 1.2.16 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-6732
12 Jan 2024 — The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed El complemento de WordPress Ultimate Maps by Supsystic anterior a 1.2.16 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como el administrador, realizar ataques de cross site scripting incluso cuando u... • https://wpscan.com/vulnerability/aaf91707-f03b-4f25-bca9-9fac4945002a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 6%CPEs: 1EXPL: 3CVE-2021-24274 – Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24274
19 Apr 2021 — The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue El plugin de WordPress Ultimate Maps by Supsystic versiones anteriores a 1.2.5, no saneaba el parámetro tab de su página options antes de generarlo en un atributo, conllevando a un problema de tipo Cross-Site Scripting reflejado WordPress Ultimate Maps plugin version 1.2.4 suffers from a cross site scriptin... • https://packetstorm.news/files/id/164316 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •