CVE-2021-25081

{"id": "CVE-2021-25081", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-02-28T09:15:08.627", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/2667376", "tags": ["Release Notes", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/f85cf258-1c2f-444e-91e5-b1fc55880f0e", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack"}, {"lang": "es", "value": "El plugin Maps usando Google Maps para WordPress versiones anteriores a 1.8.4 no presenta comprobaciones CSRF en la mayor\u00eda de sus acciones AJAX, lo que podr\u00eda permitir a atacantes hacer que los administradores con sesi\u00f3n iniciada eliminen entradas arbitrarias y actualicen la configuraci\u00f3n del plugin por medio de un ataque CSRF"}], "lastModified": "2022-03-08T17:07:04.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpgooglemap:wp_google_map:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CE7FB7D4-CC42-4D3E-9ADE-90ACC5EF53F6", "versionEndExcluding": "1.8.4"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}