CVE-2021-24467

The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged-in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues, either by changing the URL of the JavaScript library being used or by using malicious attributions, which will be executed on all pages with an embedded map from the plugin.

Source: CVE-2021-24467
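As an added illustration (not the Leaflet Map plugin's code and not part of the CVE record), this is the shape of a WordPress settings-save handler that enforces the nonce check the description says was missing, and also constrains the two values named as XSS vectors. The `demo_map_*` names, option keys and form fields are hypothetical, and the snippet assumes it is loaded as a plugin inside WordPress.

```php
<?php
// Added example: hypothetical "demo-map" plugin. All demo_map_* identifiers
// are assumptions for illustration, not the Leaflet Map plugin's own names.

const DEMO_MAP_NONCE_ACTION = 'demo_map_save_settings';

// Settings form: wp_nonce_field() embeds a per-user, per-action token that a
// cross-site page cannot read or predict.
function demo_map_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_map_save">
        <?php wp_nonce_field( DEMO_MAP_NONCE_ACTION, 'demo_map_nonce' ); ?>
        <input type="url" name="js_url"
               value="<?php echo esc_attr( get_option( 'demo_map_js_url', '' ) ); ?>">
        <input type="text" name="attribution"
               value="<?php echo esc_attr( get_option( 'demo_map_attribution', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

function demo_map_save_settings() {
    // 1. Authorization: only users who may manage options can save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: check_admin_referer() stops the request unless the posted
    //    nonce is present and valid for this action and user.
    check_admin_referer( DEMO_MAP_NONCE_ACTION, 'demo_map_nonce' );

    // 3. Defense in depth for the two XSS vectors in the description:
    //    the script URL must be https, and the attribution may contain
    //    only plain links (wp_kses drops scripts, handlers, javascript: URLs).
    $js_url      = esc_url_raw( wp_unslash( $_POST['js_url'] ?? '' ), array( 'https' ) );
    $attribution = wp_kses(
        wp_unslash( $_POST['attribution'] ?? '' ),
        array( 'a' => array( 'href' => array() ) )
    );

    update_option( 'demo_map_js_url', $js_url );
    update_option( 'demo_map_attribution', $attribution );

    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
add_action( 'admin_post_demo_map_save', 'demo_map_save_settings' );
```

Sanitizing on save does not replace escaping when the stored values are later written into a page; both belong in the fix.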
