Stored Cross-Site Scripting in Teplitsa ShMapper Plugin for WordPress
CVE-2024-12518
6.4MEDIUM
What is CVE-2024-12518?
The Teplitsa ShMapper plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and improper output escaping on user-supplied attributes used in the 'shmMap' shortcode. This flaw affects all versions up to and including 1.4.18. An authenticated attacker with contributor-level access or higher can exploit this issue to inject arbitrary web scripts into pages. Consequently, when a user accesses these compromised pages, the injected scripts may execute, potentially allowing attackers to manipulate or capture sensitive user data.
Affected Version(s)
ShMapper by Teplitsa * <= 1.4.18