CVE-2012-10018 HIGH

CVE-2012-10018: Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting

Vendor Sekler

Product Mapplic Lite

Weakness CWE-918 · SSRF

Published October 16, 2024

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

8.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesting an SVG file.

Key dates

02Disclosure timeline

October 16, 2024 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2012-10018 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

Identifiers

CVE CVE-2012-10018

CWE CWE-918

CVSS 8.3 / HIGH

Affected versions

Vendor Sekler

Product Mapplic Lite

Affected < 1.0.1

Vendor Sekler

Product Mapplic - Custom Interactive Map WordPress Plugin

Affected < 6.2

CVE-2012-10018: Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting

01Description

02Disclosure timeline

03References

04Related CVE