CVE-2021-25011

Summary

The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings.

Affected Software

VendorProductVersion RangeStatus
UnknownMaps Plugin using Google Maps for WordPress – WP Google Map1.8.1 < 1.8.1affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

References