Cross-Site Request Forgery Vulnerability in Vsourz Digital WP Map Route Planner
CVE-2025-32621

7.1HIGH

Key Information:

Vendor
WordPress
Status
WP Map Route Planner
Vendor
CVE Published:
9 April 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Vsourz Digital WP Map Route Planner plugin, allowing attackers to perform unauthorized actions on behalf of an authenticated user. This issue affects all versions from n/a through 1.0.0, exposing websites using this plugin to potential compromise. Site owners are advised to apply necessary patches and updates to safeguard against such threats.

Affected Version(s)

WP Map Route Planner <= 1.0.0

References

https://patchstack.com/database/wordpress/plugin/wp-map-r...
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abdi Pranata (Patchstack Alliance)
.
CVE-2025-32621 : Cross-Site Request Forgery Vulnerability in Vsourz Digital WP Map Route Planner | SecurityVulnerability.io