CVE-2023-2526 MEDIUM

CVE-2023-2526: Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery via AJAX action

Vendor Supsysticcom
Product Easy Google Maps
Weakness CWE-352 · CSRF
Published June 9, 2023
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to executes AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2024-31269 appears to be a duplicate of this issue.

Key dates

02Disclosure timeline

June 9, 2023 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-4422 POST SMTP Mailer <= 2.0.20 - Cross-Site Request Forgery Bypass CVE-2025-31375 WordPress Scheduled plugin <= 1.0 - CSRF to Stored XSS vulnerability CVE-2017-20093 Download Manager Plugin cross-site request forgery CVE-2025-46251 WordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.3.3 - CSRF to Stored XSS vulnerability CVE-2025-13924 Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication