CVE-2023-28172 – WordPress WP Google Map Plugin Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28172
Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions. The WP Google Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.2. This is due to missing or incorrect nonce validation on the delete() function of the WPGMP_Model_Group_Map, WPGMP_Model_Location, and WPGMP_Model_Map classes. This makes it possible for unauthenticated attackers to delete a location, category, or map via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
• https://patchstack.com/database/vulnerability/wp-google-map-plugin/wordpress-wp-maps-plugin-4-4-2-cross-site-request-forgery-csrf?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-23878 – WordPress WP Google Map Plugin Plugin <= 4.3.9 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23878
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions. The WP MAPS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 4.3.9 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with editor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/wp-google-map-plugin/wordpress-wordpress-plugin-for-google-maps-wp-maps-plugin-4-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-25600 – WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-25600
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQCIZQI267YHVYSFB3CRKNK3F4ASPLK
• https://patchstack.com/database/vulnerability/wp-google-map-plugin/wordpress-wp-google-map-plugin-4-2-3-cross-site-request-forgery-csrf-vulnerability
• https://wordpress.org/plugins&
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-25081 – WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF
https://notcve.org/view.php?id=CVE-2021-25081
The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged-in admins delete arbitrary posts and update the plugin's settings via a CSRF attack.
• https://plugins.trac.wordpress.org/changeset/2667376
• https://wpscan.com/vulnerability/f85cf258-1c2f-444e-91e5-b1fc55880f0e
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-45729 – WordPress WP Google Map plugin <= 1.8.0 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2021-45729
The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps.
• https://patchstack.com/database/vulnerability/gmap-embed/wordpress-wp-google-map-plugin-1-8-0-privilege-escalation-vulnerability
• https://wordpress.org/plugins/gmap-embed/#developers
• CWE-269: Improper Privilege Management