Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow…
mitre·CWE-352·Published 2015-04-01
Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php.
Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php.
Múltiples vulnerabilidades de CSRF en el plugin AB Google Map Travel (AB-MAP) anterior a 4.0 para WordPress permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que realizan ataques de XSS a través del parámetro (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, o (5) zoom (Map Zoom) en la página ab_map_options en wp-admin/admin.php.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |