CVE-2012-10018

8.3 HIGH
Published: October 16, 2024 Modified: December 19, 2025
View on NVD

Description

The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesting an SVG file.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://packetstormsecurity.com/files/161919/
Source: security@wordfence.com
Exploit Third Party Advisory
https://packetstormsecurity.com/files/161920/
Source: security@wordfence.com
Exploit Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2503447
Source: security@wordfence.com
Patch
https://www.mapplic.com/docs/#changelog
Source: security@wordfence.com
Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/5aacabb5-94af-485a-af24-e84db3e3726f?source=cve
Source: security@wordfence.com
Third Party Advisory

5 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.3 / 10.0
EPSS (Exploit Probability)
0.3%
54th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-918

Affected Vendors

mapplic

Related CVEs

CVE-2025-69261 N/A
CVE-2025-69257 6.7
CVE-2025-69210 N/A
CVE-2025-66823 N/A
CVE-2025-50343 N/A