CVE-2021-24274: Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
First published: Wed May 05 2021(Updated: )
The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Supsystic Ultimate Maps | <1.2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2021-24274.
What is the affected software?
The affected software is the Ultimate Maps by Supsystic WordPress plugin before version 1.2.5.
What is the severity of CVE-2021-24274?
The severity of CVE-2021-24274 is medium with a CVSS score of 6.1.
What is the CWE classification for this vulnerability?
The CWE classification for this vulnerability is CWE-79.
How can I fix the vulnerability?
To fix the vulnerability, update the Ultimate Maps by Supsystic WordPress plugin to version 1.2.5 or later.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/tags
- agent/source
- vendor/supsystic
- canonical/supsystic ultimate maps