ThreatPress

WordPress Vulnerabilities Database

Back

WordPress AB Google Map Travel Plugin <= 3.9 - Multiple CSRF

Product
AB Google Map Travel
Description
Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct cross site scripting attacks via the "lat", "long", "zoom", "map_height" or "map_width" parameters in the ab_map_options page to wp-admin/admin.php.
Solution
Update the plugin.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2015-2755
Versions
Affected In <= 3.9
Fixed In 4.0
Disclosure date
2015-03-27
Credits
Kaustubh G. Padwad