WordPress Plugin Vulnerabilities

MapSVG Lite < 3.3.0 - Cross-Site Request Forgery (CSRF)

Description

CSRF in the mapsvg_save() AJAX method

Proof of Concept

Affects Plugins

Plugin icon
mapsvg-lite-interactive-vector-maps
Fixed in 3.3.0

References

CVE
CVE-2019-1000003
URL
https://advisories.dxw.com/advisories/csrf-mapsvg-lite/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Rob Skilling (dxw)
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
03d5c0c0-06a4-468c-bcc5-22e964df8555

Timeline

Publicly Published
2019-01-08 (about 7 years ago)
Added
2019-01-08 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-04-05
Title
Sumo < 1.35 - Cross-Site Request Forgery
Published
2014-08-01
Title
Mail On Update 5.1.0 - Email Option Manipulation CSRF
Published
2025-04-17
Title
mLanguage <= 1.6.1 - Cross-Site Request Forgery
Published
2023-10-26
Title
EasyRecipe <= 3.5.3251 - Cross-Site Request Forgery
Published
2025-04-04
Title
Sidebar Manager Light <= 1.1.8 - Cross-Site Request Forgery