CVE-2023-28172

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 84.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Flippercode Wordpress Plugin FOR Google Maps – WP Maps (formerly WP Google MAP Plugin)Weplugins WP Maps

Timeline

PublishedNov 12

Latest updateNov 13

Description

Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5flippercode/wordpress_plugin_for_google_maps_–_wp_maps_(formerly_wp_google_map_plugin)n/a — 4.4.2

▶NVDweplugins/wp_maps4.4.2

🔴Vulnerability Details

GHSA

GHSA-v875-jq76-xxp6: Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4↗2023-11-13

▶

CVEList

WordPress WP Google Map Plugin Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)↗2023-11-12

▶