The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/2667376 | Release Notes Third Party Advisory |
https://wpscan.com/vulnerability/f85cf258-1c2f-444e-91e5-b1fc55880f0e | Exploit Third Party Advisory |
https://plugins.trac.wordpress.org/changeset/2667376 | Release Notes Third Party Advisory |
https://wpscan.com/vulnerability/f85cf258-1c2f-444e-91e5-b1fc55880f0e | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset/2667376 - Release Notes, Third Party Advisory | |
References | () https://wpscan.com/vulnerability/f85cf258-1c2f-444e-91e5-b1fc55880f0e - Exploit, Third Party Advisory |
08 Mar 2022, 17:07
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.5 |
CPE | cpe:2.3:a:wpgooglemap:wp_google_map:*:*:*:*:*:wordpress:*:* | |
References | (CONFIRM) https://plugins.trac.wordpress.org/changeset/2667376 - Release Notes, Third Party Advisory | |
References | (MISC) https://wpscan.com/vulnerability/f85cf258-1c2f-444e-91e5-b1fc55880f0e - Exploit, Third Party Advisory |
28 Feb 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-28 09:15
Updated : 2024-11-21 05:54
NVD link : CVE-2021-25081
Mitre link : CVE-2021-25081
CVE.ORG link : CVE-2021-25081
JSON object : View
Products Affected
wpgooglemap
- wp_google_map
CWE
CWE-352
Cross-Site Request Forgery (CSRF)