WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. A cross-site request forgery vulnerability exists in versions of the WordPress Google Maps plugin prior to 1.8.4. The vulnerability stems from the plugin’s failure to perform CSRF checks in most of its AJAX operations, which could be exploited by an attacker to cause a logged-in administrator to delete any post and update the plugin’s settings.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress google maps plugin | lt | 1.8.4 |