Search criteria
6 vulnerabilities found for ultimate_maps by supsystic
FKIE_CVE-2023-6732
Vulnerability from fkie_nvd - Published: 2024-01-16 16:15 - Updated: 2025-06-02 15:15
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/aaf91707-f03b-4f25-bca9-9fac4945002a/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/aaf91707-f03b-4f25-bca9-9fac4945002a/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| supsystic | ultimate_maps | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:supsystic:ultimate_maps:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "443DECAC-FA9B-4431-807E-0059ACC223A9",
"versionEndExcluding": "1.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
},
{
"lang": "es",
"value": "El complemento de WordPress Ultimate Maps by Supsystic anterior a 1.2.16 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de cross site scripting incluso cuando unfiltered_html no est\u00e1 permitido."
}
],
"id": "CVE-2023-6732",
"lastModified": "2025-06-02T15:15:25.687",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-01-16T16:15:13.817",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/aaf91707-f03b-4f25-bca9-9fac4945002a/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/aaf91707-f03b-4f25-bca9-9fac4945002a/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-24274
Vulnerability from fkie_nvd - Published: 2021-05-05 19:15 - Updated: 2024-11-21 05:52
Severity ?
Summary
The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| contact@wpscan.com | https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| supsystic | ultimate_maps | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:supsystic:ultimate_maps:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "04EAC6C9-97FA-4CAE-8FA4-92BC97D3AE50",
"versionEndExcluding": "1.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
},
{
"lang": "es",
"value": "El plugin de WordPress Ultimate Maps by Supsystic versiones anteriores a 1.2.5, no saneaba el par\u00e1metro tab de su p\u00e1gina options antes de generarlo en un atributo, conllevando a un problema de tipo Cross-Site Scripting reflejado"
}
],
"id": "CVE-2021-24274",
"lastModified": "2024-11-21T05:52:44.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-05T19:15:08.583",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html"
},
{
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
CVE-2023-6732 (GCVE-0-2023-6732)
Vulnerability from cvelistv5 – Published: 2024-01-16 15:57 – Updated: 2025-06-02 15:09
VLAI?
Title
Ultimate Maps by Supsystic < 1.2.16 - Admin+ Stored XSS
Summary
The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Severity ?
4.8 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Ultimate Maps by Supsystic |
Affected:
0 , < 1.2.16
(semver)
|
Credits
Mert Umut
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/aaf91707-f03b-4f25-bca9-9fac4945002a/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-6732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T17:36:02.710306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:09:29.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Ultimate Maps by Supsystic",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mert Umut"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T21:23:03.610Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/aaf91707-f03b-4f25-bca9-9fac4945002a/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ultimate Maps by Supsystic \u003c 1.2.16 - Admin+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-6732",
"datePublished": "2024-01-16T15:57:02.536Z",
"dateReserved": "2023-12-12T14:57:41.642Z",
"dateUpdated": "2025-06-02T15:09:29.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24274 (GCVE-0-2021-24274)
Vulnerability from cvelistv5 – Published: 2021-05-05 18:28 – Updated: 2024-08-03 19:28
VLAI?
Title
Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
Summary
The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Supsystic | Ultimate Maps by Supsystic |
Affected:
1.2.5 , < 1.2.5
(custom)
|
Credits
0xB9
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:22.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ultimate Maps by Supsystic",
"vendor": "Supsystic",
"versions": [
{
"lessThan": "1.2.5",
"status": "affected",
"version": "1.2.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "0xB9"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-28T16:06:25",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Ultimate Maps by Supsystic \u003c 1.2.5 - Reflected Cross-Site scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24274",
"STATE": "PUBLIC",
"TITLE": "Ultimate Maps by Supsystic \u003c 1.2.5 - Reflected Cross-Site scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ultimate Maps by Supsystic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.5",
"version_value": "1.2.5"
}
]
}
}
]
},
"vendor_name": "Supsystic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d"
},
{
"name": "http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24274",
"datePublished": "2021-05-05T18:28:48",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:22.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6732 (GCVE-0-2023-6732)
Vulnerability from nvd – Published: 2024-01-16 15:57 – Updated: 2025-06-02 15:09
VLAI?
Title
Ultimate Maps by Supsystic < 1.2.16 - Admin+ Stored XSS
Summary
The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Severity ?
4.8 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Ultimate Maps by Supsystic |
Affected:
0 , < 1.2.16
(semver)
|
Credits
Mert Umut
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/aaf91707-f03b-4f25-bca9-9fac4945002a/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-6732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T17:36:02.710306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:09:29.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Ultimate Maps by Supsystic",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mert Umut"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T21:23:03.610Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/aaf91707-f03b-4f25-bca9-9fac4945002a/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ultimate Maps by Supsystic \u003c 1.2.16 - Admin+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-6732",
"datePublished": "2024-01-16T15:57:02.536Z",
"dateReserved": "2023-12-12T14:57:41.642Z",
"dateUpdated": "2025-06-02T15:09:29.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24274 (GCVE-0-2021-24274)
Vulnerability from nvd – Published: 2021-05-05 18:28 – Updated: 2024-08-03 19:28
VLAI?
Title
Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
Summary
The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Supsystic | Ultimate Maps by Supsystic |
Affected:
1.2.5 , < 1.2.5
(custom)
|
Credits
0xB9
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:22.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ultimate Maps by Supsystic",
"vendor": "Supsystic",
"versions": [
{
"lessThan": "1.2.5",
"status": "affected",
"version": "1.2.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "0xB9"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-28T16:06:25",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Ultimate Maps by Supsystic \u003c 1.2.5 - Reflected Cross-Site scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24274",
"STATE": "PUBLIC",
"TITLE": "Ultimate Maps by Supsystic \u003c 1.2.5 - Reflected Cross-Site scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ultimate Maps by Supsystic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.5",
"version_value": "1.2.5"
}
]
}
}
]
},
"vendor_name": "Supsystic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d"
},
{
"name": "http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24274",
"datePublished": "2021-05-05T18:28:48",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:22.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}