Cross-Site Request Forgery Vulnerability in AB Google Map Travel Plugin for WordPress
CVE-2015-2755

Currently unrated

Key Information:

Vendor: Wordpress
Status: Ab Google Map Travel
Vendor: CVE Published:; 1 April 2015

What is CVE-2015-2755?

The AB Google Map Travel plugin for WordPress is affected by multiple cross-site request forgery (CSRF) vulnerabilities. These issues allow remote attackers to exploit authentication weaknesses in order to execute unauthorized actions on behalf of administrators. Through manipulation of the parameters such as latitude, longitude, map width, map height, and zoom settings in the ab_map_options page of the WordPress admin panel, attackers can initiate requests that lead to cross-site scripting (XSS) attacks. This vulnerability underscores the importance of securing WordPress plugins against CSRF exploits to protect user data and maintain site integrity.

References

http://www.securityfocus.com/archive/1/534954/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/535026/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/131155/WordPress-Goo...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2015
Vulnerability Reserved
Mar 27, 2015

Wordpress

What is CVE-2015-2755?

References

Timeline