What the vulnerability does
Description
Deserialization of Untrusted Data vulnerability in Flipper Code - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection. This issue affects WP Maps: from n/a through <= 4.8.6.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
WP Maps versions 4.8.6 and earlier contain a deserialization vulnerability in how the plugin processes untrusted data. An authenticated attacker with high privileges can craft malicious serialized input to execute arbitrary code on the site. Exploitation has high attack complexity and requires administrative-level access.
What an attacker can do
Run arbitrary code on the site with the privileges of the WordPress installation.
Potential impact on your site
A compromised admin account could lead to full site takeover, data theft, or malware injection.
Conditions required to exploit
Attacker must have high-level WordPress privileges (typically administrator role) and craft a malicious serialized payload.
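To check whether an installation falls in the affected range stated above (WP Maps 4.8.6 and earlier), the following Python audit reads the plugin's version header from disk and compares it with 4.8.6. It is an added example, not code from the plugin or from this advisory; the function names are hypothetical and it assumes the default wp-content/plugins layout and the wp-google-map-plugin directory name.

```python
import re
import sys
from pathlib import Path

PLUGIN_SLUG = "wp-google-map-plugin"  # plugin slug named in the advisory
LAST_AFFECTED = (4, 8, 6)             # advisory: affected through <= 4.8.6
HEADER_BYTES = 8192                   # WordPress reads plugin headers from the first 8 KB

def parse_version(text):
    """'4.8.6' -> (4, 8, 6), using the leading digits of each dotted component."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_affected(version_text):
    """True if the version is <= 4.8.6, None if it cannot be parsed."""
    v = parse_version(version_text)
    if not v:
        return None
    width = max(len(v), len(LAST_AFFECTED))
    pad = lambda t: t + (0,) * (width - len(t))  # so 4.8 compares as 4.8.0
    return pad(v) <= pad(LAST_AFFECTED)

def installed_version(wp_root):
    """Version header of the plugin's main file, '' if unreadable, None if absent."""
    # Assumption: plugins live in the default wp-content/plugins directory.
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_bytes()[:HEADER_BYTES].decode("utf-8", "replace")
        if re.search(r"^[ \t/*#@]*Plugin Name:", head, re.M | re.I):
            m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", head, re.M | re.I)
            return m.group(1) if m else ""
    return ""

def audit(wp_root):
    """Return 'not-installed', 'unknown', 'affected' or 'not-affected'."""
    version = installed_version(wp_root)
    if version is None:
        return "not-installed"
    verdict = is_affected(version)
    if verdict is None:
        return "unknown"
    return "affected" if verdict else "not-affected"

if __name__ == "__main__":
    print(audit(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it with the WordPress root as its argument; an "unknown" result means the plugin directory exists but no parsable version header was found and should be checked by hand.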