CVE-2021-25081

EUVD-2021-11993
The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
wpgooglemapwp_google_map
𝑥
< 1.8.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/changeset/2667376
https://wpscan.com/vulnerability/f85cf258-1c2f-444e-91e5-b1fc55880f0e
https://plugins.trac.wordpress.org/changeset/2667376
https://wpscan.com/vulnerability/f85cf258-1c2f-444e-91e5-b1fc55880f0e