2 matches found
CVE-2023-2526 Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery via AJAX action
The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to executes AJAX actions via a forg...
CVE-2023-2526
CVE-2023-2526 affects the Easy Google Maps plugin for WordPress. The vulnerability arises from missing/incorrect nonce validation on the AJAX action handler, allowing CSRF for unauthenticated attackers to trigger actions if a site admin is lured into clicking a forged request. Affected versions a...