PT-2026-1591 · WordPress · Svg Map Plugin

Dayea Song · Published 2026-01-07 · Updated 2026-01-07 · CVE-2025-13519

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SVG Map Plugin for WordPress versions prior to 1.0.1

Description

The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on multiple AJAX actions. Specifically, the AJAX actions ‘save data’, ‘delete data’, and ‘add popup’ lack proper validation. This allows attackers to potentially update the plugin’s settings, delete map data, and inject malicious web scripts by tricking a site administrator into performing an action.

Recommendations

Update to version 1.0.1 or later.
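
The nonce validation the description refers to, shown as an added example of a WordPress AJAX handler; this is not the SVG Map Plugin's code or its 1.0.1 patch. The action, nonce, field, option and script names are hypothetical, and the file is assumed to be loaded as part of a plugin.

```php
<?php
// Added example: hypothetical handler, not the SVG Map Plugin's own code.
// Action, nonce, field, option and script names below are assumptions.

// Register the handler for logged-in users only (no wp_ajax_nopriv_ hook).
add_action( 'wp_ajax_svgmap_example_add_popup', 'svgmap_example_add_popup' );

function svgmap_example_add_popup() {
    // 1. CSRF check: verify the nonce sent in $_REQUEST['nonce'].
    //    With $die = false the call returns false instead of exiting,
    //    so the handler can answer with a structured error.
    if ( ! check_ajax_referer( 'svgmap_example_add_popup', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }

    // 2. Authorization: a valid nonce shows intent, not privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input handling: remove script-capable markup before storing
    //    popup content that will later be rendered in a page.
    $raw   = isset( $_POST['popup_html'] ) ? wp_unslash( $_POST['popup_html'] ) : '';
    $clean = wp_kses_post( $raw );

    update_option( 'svgmap_example_popup_html', $clean );
    wp_send_json_success( array( 'saved' => true ) );
}

// Admin page side: pass a fresh nonce to the script that issues the request.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script(
        'svgmap-example-admin',
        plugins_url( 'admin.js', __FILE__ ),
        array( 'jquery' ),
        '1.0',
        true
    );
    wp_localize_script( 'svgmap-example-admin', 'svgmapExample', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'svgmap_example_add_popup' ),
    ) );
} );
```

Each state-changing action gets its own nonce check and capability check; both `wp_send_json_error()` calls end the request, so nothing is written when either check fails.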

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-13519

Affected Products

Svg Map Plugin