CVE-2021-25081

🗓️ 28 Feb 2022 09:08:15Reported by WPScanType

The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 lacks CSRF checks, enabling attackers to manipulate plugin settings

Reporter	Title	Published	Views	Family All 7
Patchstack	WordPress WP Google Map plugin <= 1.8.3 - Arbitrary Post Deletion and Plugin's Settings Update via Cross-Site Request Forgery (CSRF) vulnerability	27 Jan 202200:00	–	patchstack
CNVD	WordPress Google Maps plugin cross-site request forgery vulnerability	2 Mar 202200:00	–	cnvd
NVD	CVE-2021-25081	28 Feb 202209:15	–	nvd
Prion	Cross site request forgery (csrf)	28 Feb 202209:15	–	prion
WPVulnDB	WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF	27 Jan 202200:00	–	wpvulndb
Cvelist	CVE-2021-25081 WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF	28 Feb 202209:06	–	cvelist
wpexploit	WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF	27 Jan 202200:00	–	wpexploit

Nvd

Vulners

Node

wpgooglemap wp_google_mapRange<1.8.4wordpress

[
  {
    "product": "Maps Plugin using Google Maps for WordPress – WP Google Map",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.8.4",
        "status": "affected",
        "version": "1.8.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/2667376
wpscan	www.wpscan.com/vulnerability/f85cf258-1c2f-444e-91e5-b1fc55880f0e

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Feb 2022 09:15Current

6.4Medium risk

Vulners AI Score6.4

CVSS24.3

CVSS36.5

EPSS0.001

CWE-352