Cross-Site Request Forgery Vulnerability in MapMap Plugin for WordPress

CVE-2025-12415

What is CVE-2025-12415?

The MapMap plugin for WordPress has a vulnerability that allows Cross-Site Request Forgery (CSRF), due to inadequate nonce validation on critical admin functions such as admin_shortcode_submit, admin_configuration_submit, and admin_shortcode_delete. This weakness enables unauthenticated attackers to manipulate plugin settings or inject malicious scripts by tricking a site administrator into clicking a malicious link, potentially leading to severe security implications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References