CVE-2022-25600

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 66.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Weplugins WP Maps Flippercode WP Google MAP Plugin (wordpress Plugin)Fedoraproject Fedora

Timeline

PublishedMar 11

Latest updateMar 12

Description

Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5flippercode/wp_google_map_plugin_(wordpress_plugin)4.2.3

▶NVDweplugins/wp_maps< 4.2.4

Also affects: Fedora 34, 35, 36

🔴Vulnerability Details

GHSA

GHSA-hm3x-qqp4-vg9x: Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions↗2022-03-12

▶

CVEList

WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability↗2022-03-11

▶