CVE-2021-25081: WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF
First published: Mon Feb 28 2022(Updated: )
The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Flippercode WP Google Map | <1.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-25081?
CVE-2021-25081 is classified as a high severity vulnerability due to the potential for CSRF attacks affecting logged-in admin users.
How do I fix CVE-2021-25081?
To fix CVE-2021-25081, update the Google Maps for WordPress plugin to version 1.8.4 or later which includes the necessary CSRF protections.
What are the consequences of exploiting CVE-2021-25081?
Exploiting CVE-2021-25081 could allow an attacker to delete arbitrary posts and change plugin settings without authorization.
Which versions of the Google Maps for WordPress plugin are affected by CVE-2021-25081?
CVE-2021-25081 affects all versions of the Google Maps for WordPress plugin before 1.8.4.
Who is at risk from CVE-2021-25081?
Users who have the Google Maps for WordPress plugin installed with versions prior to 1.8.4 are at risk from CVE-2021-25081.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wpgooglemap
- canonical/flippercode wp google map