CVE-2015-2755
published 2015-04-01


Priority: P4 33
CVSS 2.0: 6.8 (medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.86% (88.9th percentile)
Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ab_google_map_travel_project | ab_google_map_travel | <= 3.4 | |