WordPress Plugin Vulnerabilities

WP Google Map < 4.4.3 - Category/Location/Map Deletion via CSRF

Description

The plugin does not have CSRF checks in the delete function, which could allow attackers to make logged in admins delete arbitrary locations, categories as well as maps via CSRF attacks

Affects Plugins

Plugin icon
wp-google-map-plugin
Fixed in 4.4.3

References

CVE
CVE-2023-28172

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
b9200be6-5610-4e04-8486-4bf8db34a444

Timeline

Publicly Published
2022-03-13 (about 4 years ago)
Added
2023-08-07 (about 2 years ago)
Last Updated
2023-08-07 (about 2 years ago)

Other

Published
Title
Published
2024-03-28
Title
Simple Revisions Delete < 1.5.4 - Cross-Site Request Forgery
Published
2023-06-02
Title
Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery (CSRF) to Stored XSS
Published
2023-11-09
Title
Preloader Matrix <= 2.0.1 - Cross-Site Request Forgery
Published
2026-01-27
Title
Bitcoin Donate Button <= 1.0 - Cross-Site Request Forgery to Settings Update
Published
2023-12-28
Title
Republish Old Posts < 1.27 - Cross-Site Request Forgery via rop_options_page