Cross-Site Request Forgery Vulnerability in LSD Google Maps Embedder by Bas Matthee
CVE-2025-23871

7.1HIGH

Key Information:

Vendor: WordPress
Status: Lsd Google Maps Embedder
Vendor: CVE Published:; 16 January 2025

What is CVE-2025-23871?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the LSD Google Maps Embedder plugin developed by Bas Matthee. This vulnerability could allow an attacker to execute unauthorized actions on behalf of an authenticated user without their consent. The impact occurs in versions from n/a up to 1.1, potentially exposing sensitive information and compromising the integrity of installations. Users are encouraged to take immediate security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

LSD Google Maps Embedder <= 1.1

References

https://patchstack.com/database/wordpress/plugin/lsd-goog...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

SOPROBRO (Patchstack Alliance)