CVE-2022-25600
WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerabilityCross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).
We have discovered 8,509 live websites that are affected by CVE-2022-25600.
Affected Software
| Product |  WP Google Map Plugin |
| Category | Wordpress Plugins |
| Vulnerable Domains | 8,509 live websites (64.47% of WP Google Map Plugin install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 4 versions ( 10.81% of all versions) |
Common Weakness Enumeration
CWE-352 Cross-Site Request Forgery (CSRF)Details
- Published - Mar 11, 2022
- Updated - Feb 20, 2025
Credits
- Vulnerability discovered by Ex.Mi (Patchstack).
CWE
CVE References
CWE References
CVE-2022-25600 usage by Country
 United States | 2,354 websites |
 Germany | 980 websites |
 France | 638 websites |
 Poland | 373 websites |
 Italy | 353 websites |
 GB | 335 websites |
 Spain | 267 websites |
 Netherlands | 185 websites |
 Turkey | 181 websites |
 Brazil | 159 websites |
CVE-2022-25600 usage by TLD
| .com | 3,381 websites |
| .de | 448 websites |
| .org | 313 websites |
| .pl | 287 websites |
| .it | 285 websites |
| .fr | 210 websites |
| .co.uk | 193 websites |
| .com.br | 184 websites |
| .com.au | 180 websites |
| .nl | 164 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-25600
Top websites that are affected by CVE-2022-25600. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.*****.fr |  European Union | ***,*** | |
| ****************.se |  Sweden | ***,*** | |
| ***********.*********.eu | France | ***,*** | |
| ****************.space | United States | ***,*** | |
| ***********************************.de | Germany | ***,*** | |
| ******************.com | Germany | ***,*** | |
| ********.***********.org |  Austria | ***,*** | |
| ***************.com | United States | ***,*** | |
| ******.eu | Austria | ***,*** | |
| *********.com | France | ***,*** |
FAQ
CVE-2022-25600 is Cross-Site Request Forgery (CSRF) in WP Google Map Plugin
A total of 8,509 websites have been identified as vulnerable to CVE-2022-25600, discovered through global website indexing conducted by WebTechSurvey.
WP Google Map Plugin is susceptible to CVE-2022-25600 vulnerability.
WP Google Map Plugin versions before 4.2.3 are vulnerable to CVE-2022-25600.
Version 4.2.3 of WP Google Map Plugin addresses the CVE-2022-25600 security vulnerability.
References
- https://wordpress.org/plugins/wp-google-map-plugin/#developers
- https://patchstack.com/database/vulnerability/wp-google-map-plugin/wordpress-wp-google-map-plugin-4-2-3-cross-site-request-forgery-csrf-vulnerability
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQCIZQI267YHVYSFB3CRKNK3F4ASPLK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR/