Unauthorized Data Modification Vulnerability in Image Map Pro Plugin for WordPress
CVE-2024-9584

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Image Map Pro – Drag-and-drop Builder For Interactive Images
Vendor: CVE Published:; 25 October 2024

Summary

The Image Map Pro plugin for WordPress harbors a vulnerability that permits unauthorized modification of map projects due to a lack of capability checks on critical AJAX functions. This issue affects versions up to 6.0.20, enabling authenticated attackers with contributor-level privileges or higher to add, update, or delete map projects. The absence of proper validation mechanisms poses a significant risk to the integrity of user-generated data, making it essential for site owners using this plugin to implement timely updates and security best practices.

Affected Version(s)

Image Map Pro – Drag-and-drop Builder for Interactive Images * <= 6.0.20

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://imagemappro.com/change-log/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 25, 2024
Vulnerability Reserved
Oct 7, 2024

Credit

István Márton