exploitDog

GHSA-9ww6-8m5g-5rm3

Опубликовано: 01 мар. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack

The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack

Ссылки

EPSS

Процентиль: 29%

0.00103

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2021-25081

CVSS3: 6.5

nvd

почти 4 года назад

The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack

EPSS

Процентиль: 29%

0.00103

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-352