CVE-2021-24978
CVE-2021-24978 concerns the OSMapper WordPress plugin (versions ≤ 2.1.5). The vulnerability arises from an AJAX action used to delete a plugin-related post type named “map” that is registered with the wp_ajax_nopriv prefix, making it accessible to unauthenticated users. There is no authorization,...