The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/2667376 | Release Notes Third Party Advisory |
https://wpscan.com/vulnerability/f85cf258-1c2f-444e-91e5-b1fc55880f0e | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-02-28T09:06:35
Updated: 2022-02-28T09:06:35
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-25081
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-28T09:15:08.627
Modified: 2022-03-08T17:07:04.477
Link: CVE-2021-25081
JSON object: View
Redhat Information
No data.
CWE