The Add Multiple Marker plugin for WordPress suffers from a missing authorization (CWE-862) vulnerability in its addmultiplemarker_reset_map() and amm_save_map_api() functions. These functions lack proper capability checks, enabling unauthenticated attackers to update the map API and reset maps. This vulnerability affects all versions up to 1.2 of the plugin. The CVSS 3.1 base score is 5.3, reflecting a medium severity with network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to integrity loss without confidentiality or availability impact.

An unauthenticated attacker can modify map API settings and reset maps within the vulnerable WordPress plugin. This results in unauthorized modification of data (integrity impact) but does not affect confidentiality or availability. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the plugin's functionality where possible and monitor for updates from the vendor. Avoid using affected versions in sensitive environments.