Vulnerabilities and security researches foradd-multiple-marker add-multiple-marker

Jun 07, 2024

CVE, Research URL: CVE-2022-45080
Home page URL: Security reports for Add Multiple Marker
Application: Add Multiple Marker
Date: Apr 23, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add Multiple Marker plugin <= 1.2 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: 54a2e526acc03c67a10ef5f0fd1a7d23f699d8b9
Home page URL: Security reports for Add Multiple Marker
Application: Add Multiple Marker
Date: Nov 11, 2022
Research Description: Add Multiple Marker [add-multiple-marker] <= 1.2 (unfixed) WordPress Add Multiple Marker plugin <= 1.2 - Missing Access Control vulnerability Missing Access Control vulnerability leading to unauth. plugin settings change discovered by ptsfence (Patchstack Alliance) in WordPress Add Multiple Marker plugin (versions <= 1.2). No patched version is available.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2022-45081
Home page URL: Security reports for Add Multiple Marker
Application: Add Multiple Marker
Date: -
Research Description: The Add Multiple Marker plugin for WordPress is vulnerable authorization bypass in versions up to, and including, 1.2. This is due to lacking authentication checks on certain user functions like addmultiplemarker_save_maps_data() which is called via a nopriv AJAX action. This makes it possible for unauthenticated attackers to make plugin settings changes.
Affected versions: Min -, max -.
Status: vulnerable