- Description
- The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings.
- Source
- contact@wpscan.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.7
- Impact score
- 3.6
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpgooglemap:wp_google_map:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "D181E200-DCF1-4255-9B8C-DB07C8BCB26A",
"versionEndExcluding": "1.8.1"
}
],
"operator": "OR"
}
]
}
]