Vulnerability CVE-2021-25081


Published: 2022-02-28

Description:
The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged-in admins delete arbitrary posts and update the plugin's settings via a CSRF attack.

Type: CWE-352 (Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software:
Wpgooglemap -> Wp google map

References:
https://wpscan.com/vulnerability/f85cf258-1c2f-444e-91e5-b1fc55880f0e
https://plugins.trac.wordpress.org/changeset/2667376

Copyright 2024, cxsecurity.com

 
