WordPress Plugin Vulnerabilities

Interactive World Map < 3.4.4 - CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
interactive-world-map
Fixed in 3.4.4

References

CVE
CVE-2023-45060
URL
https://patchstack.com/database/vulnerability/interactive-world-map/wordpress-interactive-world-map-plugin-3-2-0-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
58018d72-701b-456a-bf87-fce1a9994593

Timeline

Publicly Published
2023-10-03 (about 2 years ago)
Added
2023-10-12 (about 2 years ago)
Last Updated
2024-03-14 (about 1 year ago)

Other

Published
Title
Published
2023-11-21
Title
WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF
Published
2026-02-17
Title
Keybase.io Verification < 1.4.6 - Cross-Site Request Forgery to Settings Update
Published
2025-03-03
Title
Newscrunch < 1.8.4.1 - Cross-Site Request Forgery to Arbitrary File Upload
Published
2025-03-27
Title
SimplyRETS Real Estate IDX < 3.1.0 - Cross-Site Request Forgery
Published
2024-01-17
Title
FreshMail For WordPress <= 2.3.2 - Cross-Site Request Forgery