CVE-2021-25011
N/A
N/A
Summary
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Maps Plugin using Google Maps for WordPress – WP Google Map | 1.8.1 < 1.8.1 | affected |
Weaknesses
- CWE-862: CWE-862 Missing Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/6639da0d-6d29-46c1-a3cc-5e5626305833
- https://plugins.trac.wordpress.org/changeset/2641450
References
- https://wpscan.com/vulnerability/6639da0d-6d29-46c1-a3cc-5e5626305833
- https://plugins.trac.wordpress.org/changeset/2641450
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.