The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/2641450 | Release Notes Third Party Advisory |
https://wpscan.com/vulnerability/6639da0d-6d29-46c1-a3cc-5e5626305833 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-02-28T09:06:30
Updated: 2022-02-28T09:06:30
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-25011
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-28T09:15:08.487
Modified: 2022-10-25T16:41:57.217
Link: CVE-2021-25011
JSON object: View
Redhat Information
No data.