8.8
CVE-2019-1000003
- EPSS 0.11%
- Published 04.02.2019 21:29:00
- Last modified 21.11.2024 04:17:39
- Source cve@mitre.org
MapSVG Lite < 3.3.0 - Cross-Site Request Forgery
MapSVG MapSVG Lite version 3.2.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can allow an attacker to modify post data, including embedding JavaScript. The attack appears to be exploitable when the victim is logged in to WordPress as an admin and clicks a link. This vulnerability appears to have been fixed in 3.3.0 and later.
Possible mitigation
MapSVG – Vector maps, Image maps, Google Maps: Update to version 3.3.0, or a newer patched version
Further vulnerability information
- System: WordPress Plugin
- Product: MapSVG – Vector maps, Image maps, Google Maps
- Version: [*, 3.3.0)

Data provided by the National Vulnerability Database (NVD)
Mapsvg ≫ Mapsvg Lite, Version 3.2.3
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.267 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |

CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.