ThreatPress

WordPress Vulnerability Database

Back

WordPress WP Google Map Plugin <= 4.1.3 - Authenticated SQL Injection (SQLi) vulnerability

Product
WP Google Map Plugin
Description
Authenticated SQL Injection (SQLi) vulnerability found by Nguyen Anh Tien (SunCSR) in WordPress WP Google Map Plugin (version <= 4.1.3).
Solution
2020-11-25 - we were unable to find a patched version of this plugin (use at your own risk, we recommend to deactivate and delete the plugin until the patched version release).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
WPScan
CVE
Name CVE-N/A
Versions
Affected In <= 4.1.3
Fixed In 4.1.4
Disclosure date
2020-11-25
Credits
Nguyen Anh Tien (SunCSR)