B4after

b4after

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Osmapper

osmapper

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-24978 1B4after 1Osmapper Jun 17, 2026 Mar 28, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There i...Show more The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated user can delete arbitrary posts from the blogShow less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-24978

1B4after

1Osmapper

Jun 17, 2026

Mar 28, 2022

N/A· v4

5.3 MEDIUM· v3

5.0 MEDIUM· v2

The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated user can delete arbitrary posts from the blogShow less