CVE-2019-1000003

Published: Feb 4, 2019Modified: Jun 17, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be logged in to WordPress as an admin, and click a link. This vulnerability appears to have been fixed in 3.3.0 and later.

Affected (1)

Products: Mapsvg: Mapsvg Lite

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mapsvg Mapsvg Lite	Version 3.2.3

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://advisories.dxw.com/advisories/csrf-mapsvg-lite/

Source: cve@mitre.org

Third Party Advisory

https://wpvulndb.com/vulnerabilities/9198

Source: cve@mitre.org

ExploitThird Party Advisory

https://advisories.dxw.com/advisories/csrf-mapsvg-lite/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://wpvulndb.com/vulnerabilities/9198

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.