Vulnerability Description
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpgooglemap | Wp Google Map | < 1.8.1 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2641450Release NotesThird Party Advisory
- https://wpscan.com/vulnerability/6639da0d-6d29-46c1-a3cc-5e5626305833ExploitThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2641450Release NotesThird Party Advisory
- https://wpscan.com/vulnerability/6639da0d-6d29-46c1-a3cc-5e5626305833ExploitThird Party Advisory
FAQ
What is CVE-2021-25011?
CVE-2021-25011 is a vulnerability with a CVSS score of 5.7 (MEDIUM). The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscrib...
How severe is CVE-2021-25011?
CVE-2021-25011 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-25011?
Check the references section above for vendor advisories and patch information. Affected products include: Wpgooglemap Wp Google Map.