CVE-2021-25081

medium

Description

The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack

References

https://wpscan.com/vulnerability/f85cf258-1c2f-444e-91e5-b1fc55880f0e

https://plugins.trac.wordpress.org/changeset/2667376

Details

Source: Mitre, NVD

Published: 2022-02-28

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N