CVE-2022-29453: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in the API KEY for Google Maps WordPress plugin versions 1.2.1 and earlier. The vulnerability was assigned CVE-2022-29453 and was disclosed on June 8, 2022. This security issue affects the WordPress plugin that allows users to retroactively add Google Maps API keys to themes or plugins (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue with a CVSS score of 5.4 (Low severity). The security flaw could allow malicious actors to force privileged users to execute unwanted actions under their current authentication, specifically related to updating the Google Maps API key (Patchstack).

The vulnerability could allow attackers to manipulate the Google Maps API key settings through CSRF attacks when a privileged user visits a malicious page. This could potentially lead to unauthorized changes to the API key configuration (Patchstack).

The vulnerability was patched in version 1.2.2 of the API KEY for Google Maps plugin. Users are advised to update to version 1.2.2 or later to resolve the security issue. The update ensures that only users with 'manage_options' ability can update the API key (WordPress Plugin).