WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP Google Map < 1.8.1 - Subscriber+ Map Creation/Update/Deletion

Description

The plugin does not have proper authorisation when creating, deleting and updating maps, allowing any authenticated users, such as subscribers to perform such action

Affects Plugins

gmap-embed
Fixed in version 1.7.7

References

CVE
CVE-2021-45729

Classification

Type

NO AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-862

Miscellaneous

Original Researcher

Nguyen Van Khanh

Verified

Yes

WPVDB ID
37498bf0-c0d6-42bf-846e-d275a08bab5a

Timeline

Publicly Published

2021-12-08 (about 8 months ago)

Added

2022-01-26 (about 6 months ago)

Last Updated

2022-04-11 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin