Description

WordPress Plugin Mapplic Lite is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Mapplic Lite version 1.0 is vulnerable.

Remediation

Update to plugin version 1.0.1 or latest

References

https://packetstormsecurity.com/files/161919/WordPress-Mapplic-Lite-1.0-SSRF-Cross-Site-Scripting.html

https://plugins.svn.wordpress.org/mapplic-lite/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Limit Login Attempts Security Bypass (1.7.0)

WordPress Plugin WP-DownloadManager Cross-Site Scripting (1.67)

WordPress Plugin WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster Security Bypass (2.6.4)

WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3)

Coppermine Cross-site Scripting (XSS) Vulnerability (CVE-2018-14478)

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update SSRF