WordPress Plugin Vulnerabilities

WP Open Street Map < 1.30 - Arbitrary Settings Update via CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
wp-open-street-map
Fixed in 1.30

References

CVE
CVE-2023-45645

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Nguyen Xuan Chien
Verified
No
WPVDB ID
3c93d3ae-7678-44af-9951-a0746c1310be

Timeline

Publicly Published
2023-10-16 (about 8 months ago)
Added
2023-10-17 (about 8 months ago)
Last Updated
2023-10-17 (about 8 months ago)

Other

Published
Title
Published
2024-04-11
Title
Crony Cronjob Manager <= 0.5.0 - Cross-Site Request Forgery
Published
2023-04-19
Title
Pearl < 1.3.5 - CSRF
Published
2014-08-01
Title
Cool Video Gallery 1.8 - admin/gallery-settings.php Gallery Settings Manipulation CSRF
Published
2014-08-01
Title
JW Player 2.1.2 - wp-admin/admin.php Player Deletion CSRF
Published
2021-08-16
Title
Event Espresso 4 Decaf < 4.10.12 - Cross-Site Request Forgery