WordPress WP Bing Map Pro Plugin < 5.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-45052

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: WP Bing Map Pro
Vendor: CVE Published:; 12 October 2023

Summary

The WP Bing Map Pro plugin by dan009 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability in versions prior to 5.0. This vulnerability allows attackers to trick users into performing unwanted actions on their behalf when they are authenticated, potentially leading to unauthorized changes or data exposure. It is essential for users of this plugin to update to the latest version to safeguard against possible exploitation.

Affected Version(s)

WP Bing Map Pro < 5.0

References

https://patchstack.com/database/vulnerability/api-bing-ma...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 12, 2023
Vulnerability Reserved
Oct 3, 2023

Credit

Mika (Patchstack Alliance)