MapMap WordPress Plugin Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the MapMap plugin for WordPress, affecting all versions through 1.1. The issue arises from inadequate nonce validation in the admin_shortcode_submit, admin_configuration_submit, and admin_shortcode_delete functions. This vulnerability allows unauthenticated attackers to manipulate the plugin's settings and inject harmful web scripts by sending a forged request, provided they can deceive a site administrator into clicking a link.

Impact

Exploitation of this vulnerability allows for unauthorized changes to the plugin's settings and the injection of malicious scripts, which could be executed in the context of the user.

Remediation

There is no known patch available for this vulnerability. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.