The LSD Google Maps Embedder plugin by Bas Matthee, versions up to 1.1, contains a CSRF vulnerability (CVE-2025-23871). This vulnerability enables attackers to perform unauthorized actions on behalf of authenticated users by exploiting the lack of proper request validation. The CVSS score of 7.1 reflects network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability. No patch or mitigation details are currently provided by the vendor or advisory sources.

Successful exploitation of this CSRF vulnerability could allow attackers to execute unauthorized actions within the context of an authenticated user, potentially leading to partial compromise of confidentiality, integrity, and availability of the affected system. However, no known exploits have been reported in the wild, and the exact impact depends on the specific actions that can be triggered via the vulnerable plugin.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or limiting use of the LSD Google Maps Embedder plugin to reduce exposure. Implementing standard CSRF protections at the application or web server level may help mitigate risk, but specific vendor guidance should be followed once available.