Description
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF checks in most of its AJAX actions, which could allow any authenticated user, such as a subscriber, to delete arbitrary posts and update the plugin's settings.
References
- Release Notes, Third Party Advisory
- Exploit, Third Party Advisory
- Release Notes, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: version before 1.8.1 (exclusive)
cpe:2.3:a:wpgooglemap:wp_google_map:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 26%
0.00092
Low
5.7 Medium
CVSS3
3.5 Low
CVSS2
Weaknesses
CWE-862
CWE-352
Related vulnerabilities
CVSS3: 5.7
github
almost 4 years ago
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF checks in most of its AJAX actions, which could allow any authenticated user, such as a subscriber, to delete arbitrary posts and update the plugin's settings.