WordPress Plugin Vulnerabilities

Add Multiple Marker <= 1.3 - Unauthenticated Settings Update

Description

The plugin does not have authorisation in place when updating its settings, which could allow unauthenticated users to update them

Affects Plugins

Plugin icon
add-multiple-marker
No known fix

References

CVE
CVE-2022-45081

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
ptsfence
Verified
No
WPVDB ID
8823a705-d7ce-493e-8cc3-a08e7f6bf504

Timeline

Publicly Published
2022-11-11 (about 3 years ago)
Added
2023-04-24 (about 3 years ago)
Last Updated
2026-02-03 (about 3 months ago)

Other

Published
Title
Published
2024-01-31
Title
WooCommerce Box Office < 1.2.3 - Missing Authorization
Published
2024-10-24
Title
SEOPress < 8.2 - Missing Authorization
Published
2025-12-15
Title
Image Gallery – Photo Grid & Video Gallery < 2.13.4 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification
Published
2024-04-22
Title
ARForms < 6.4.1 - Missing Authorization to Arbitrary File Deletion
Published
2026-01-13
Title
WP-CRM System – Manage Clients and Projects < 3.4.6 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modification