CVE-2022-29453

Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update.

Credits

Vulnerability discovered by Rasi Afeef (Patchstack Alliance)

References

https://wordpress.org/plugins/api-key-for-google-maps/#developers

https://patchstack.com/database/vulnerability/api-key-for-google-maps/wordpress-api-key-for-google-maps-plugin-1-2-1-csrf-vulnerability-leading-to-google-maps-api-key-update