Cross-Site Request Forgery Vulnerability in Interactive UK Regional Map by WordPress
CVE-2025-49445

4.3MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
6 June 2025

What is CVE-2025-49445?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Interactive UK Regional Map plugin for WordPress. This vulnerability allows attackers to perform unauthorized actions on behalf of authenticated users, potentially leading to malicious changes in the settings of the plugin. If exploited, this issue could compromise the integrity of the plugin's configuration without user consent, thereby affecting the security of the WordPress site. Users of versions up to 2.0 are particularly at risk and should evaluate their installations.

Affected Version(s)

Interactive UK Regional Map <= 2.0

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chu The Anh (Blue Rock) (Patchstack Alliance)
.
CVE-2025-49445 : Cross-Site Request Forgery Vulnerability in Interactive UK Regional Map by WordPress