WordPress Plugin Vulnerabilities

Novo-Map : your WP posts on custom google maps <= 1.1.2 - CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
novo-map
No known fix

References

CVE
CVE-2023-46190
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/novo-map/novo-map-your-wp-posts-on-custom-google-maps-112-cross-site-request-forgery
URL
https://patchstack.com/database/vulnerability/novo-map/wordpress-novo-map-your-wp-posts-on-custom-google-maps-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
c8f892d5-4265-45a1-b39b-d7b2048356a9

Timeline

Publicly Published
2023-10-18 (about 6 months ago)
Added
2023-10-26 (about 6 months ago)
Last Updated
2023-10-26 (about 6 months ago)

Other

Published
Title
Published
2021-04-12
Title
Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
Published
2023-05-24
Title
Kopa Framework <= 1.3.5 - Cross-Site Request Forgery
Published
2024-04-10
Title
Dashboard To-Do List < 1.3.2 - Cross-Site Request Forgery via ardtdw_widgetupdate()
Published
2023-01-05
Title
Social Warfare < 4.4.0 - Post Meta Deletion via CSRF
Published
2024-03-29
Title
LWS Optimize < 2.0 - Cross-Site Request Forgery