Unrated severity · NVD Advisory · Published Mar 28, 2022 · Updated Aug 3, 2024
OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion
CVE-2021-24978
Description
The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin-related post type named 'map'. The action is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There are no authorisation or CSRF checks in place, and no check to ensure that the post to delete is a map one. As a result, an unauthenticated user can delete arbitrary posts from the blog.
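An added example, not code from the plugin or the advisory: a heuristic source audit for the pattern described above, a `wp_ajax_nopriv_` callback that calls `wp_delete_post()` without capability, nonce or post-type checks. The PHP sample and its `demo_*` names are constructed, and the regex only recognises callbacks passed as plain strings.

```python
import re

# Constructed plugin source; hook and function names are hypothetical, not OSMapper's.
SAMPLE_PHP = r"""
add_action('wp_ajax_nopriv_demo_delete_map', 'demo_delete_map');
add_action('wp_ajax_demo_delete_map_safe', 'demo_delete_map_safe');
function demo_delete_map() {
    wp_delete_post(intval($_POST['id']), true);
}
function demo_delete_map_safe() {
    check_ajax_referer('demo_delete_map');
    $id = absint($_POST['id']);
    if (!current_user_can('delete_post', $id) || get_post_type($id) !== 'map') {
        wp_die('', '', 403);
    }
    wp_delete_post($id, true);
}
"""

HOOK_RE = re.compile(r"add_action\(\s*['\"](wp_ajax_nopriv_[\w-]+)['\"]\s*,\s*['\"](\w+)['\"]")
# The three checks the advisory reports as absent, keyed to WordPress calls that provide them.
GUARDS = {
    "authorisation": ("current_user_can(",),
    "csrf": ("check_ajax_referer(", "wp_verify_nonce("),
    "post_type": ("get_post_type(", "->post_type"),
}

def function_body(src, name):
    """Return the text inside the braces of `function name(...)`, or None (brace counting)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """List unauthenticated AJAX callbacks that delete posts, with the checks each one lacks."""
    findings = []
    for hook, callback in HOOK_RE.findall(src):
        body = function_body(src, callback)
        if body is None or "wp_delete_post(" not in body:
            continue
        missing = [g for g, calls in GUARDS.items() if not any(c in body for c in calls)]
        findings.append({"hook": hook, "callback": callback, "missing": missing})
    return findings
```

A finding with an empty `missing` list still deserves review, because a post-deleting action exposed through `wp_ajax_nopriv_` is reachable without login regardless of the checks inside it.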
Affected products
- (no CPE) range: <=2.1.5
- (no CPE) range: <=2.1.5
References
- wpscan.com/vulnerability/f0f2af29-e21e-4d16-9424-1a49bff7fb86 (mitre, x_refsource_MISC)