CVE-2015-2755 Scanner
Detects 'Cross-Site Request Forgery (CSRF)' vulnerability in AB Google Map Travel (AB-MAP) plugin for WordPress affects v. before 4.0.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Domain, Ipv4
Toolbox
-
The AB Google Map Travel (AB-MAP) plugin is a tool designed for use with the WordPress platform. This plugin allows users to add customized maps to their WordPress website with ease. With the AB-MAP plugin, users can manually add markers, customize map colors, and even add their own KML files. This functionality makes AB-MAP an essential tool for businesses, bloggers, and other WordPress website owners who wish to display visual data on their website.
One vulnerability that has been detected in the AB-MAP plugin is the CVE-2015-2755 vulnerability. This vulnerability permits attackers to conduct cross-site request forgery (CSRF) attacks, which can lead to an attacker hijacking the authentication of administrators and carrying out cross-site scripting (XSS) attacks. The vulnerability arises from the lat (Latitude), long (Longitude), map_width, map_height, or zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.
When this vulnerability is exploited, it can lead to severe implications for the website owner and users. An attacker could gain access to highly sensitive user data, hijack user accounts, or even steal website login credentials. With the advent of GDPR and similar privacy regulations, non-compliance with such standards could lead to legal repercussions and, most importantly, brand damage.
Thanks to the pro features of the securityforeveryone.com platform, website owners can quickly and easily learn about vulnerabilities in their digital assets. On this platform, users can receive real-time alerts, track vulnerabilities over time, and even export vulnerability data for use in reports. By using this platform, WordPress website owners can protect their digital assets and keep their online presence secure. It is better to be safe than sorry by being proactive in securing digital assets than waiting for them to be compromised and regretting it.
REFERENCES
- securityfocus.com: 20150321 CSRF/Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin
- securityfocus.com: 20150327 CVE-2015-2755 WordPress AB Google Map Travel CSRF / XSS
- http://packetstormsecurity.com/files/131155/WordPress-Google-Map-Travel-3.4-XSS-CSRF.html
- securityfocus.com: 71417
- http://packetstormsecurity.com/files/130960/WordPress-AB-Google-Map-Travel-CSRF-XSS.html
- https://wordpress.org/plugins/ab-google-map-travel/changelog/
control security posture