CVE-2019-1000003

Name of the Vulnerable Software and Affected Versions: MapSVG Lite versions prior to 3.3.0

Description: The issue allows an attacker to modify post data, including embedding javascript, due to a Cross Site Request Forgery (CSRF) vulnerability in the REST endpoint "/wp-admin/admin-ajax.php?action=mapsvg save". This can be exploited when the victim, who must be logged in to WordPress as an admin, clicks a link.

Recommendations: For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/admin-ajax.php?action=mapsvg save" endpoint until the update is applied.