WordPress Plugin Vulnerabilities

WP Google Map < 1.8.1 - Subscriber+ Map Creation/Update/Deletion

Description

The plugin does not have proper authorisation when creating, deleting and updating maps, allowing any authenticated users, such as subscribers to perform such action

Affects Plugins

gmap-embed

Fixed in version 1.7.7

References

CVE

CVE-2021-45729

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

Miscellaneous

Original Researcher

Nguyen Van Khanh

Verified

Yes

WPVDB ID

37498bf0-c0d6-42bf-846e-d275a08bab5a

Timeline

Publicly Published

2021-12-08 (about 1 years ago)

Added

2022-01-26 (about 1 years ago)

Last Updated

2022-04-11 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin