Free Trial

CVE-2024-2386 : WP MAPS PLUGIN UP TO 4.6.1 ON WORDPRESS SQL INJECTION

Description

The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter of the ‘put_wpgm’ shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/4f0deb68-3caf-4ad6-977e-0e954d29e6b7?source=cve

https://plugins.trac.wordpress.org/changeset/3108077/wp-google-map-plugin

For More Information

CVERecord

Common Vulnerabilityies and Exposures

CVE-2024-2386 : WP MAPS PLUGIN UP TO 4.6.1 ON WORDPRESS SQL INJECTION
CVE-2024-2386 : WP MAPS PLUGIN UP TO 4.6.1 ON WORDPRESS SQL INJECTION

Contact us to get started

CVE-2024-39891 : TWILIO AUTHY ON ANDROID/IOS API IMPROPER AUTHENTICATION

CVE-2024-39891 : TWILIO AUTHY ON ANDROID/IOS API IMPROPER AUTHENTICATION

Description In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint

Learn more
CVE-2022-30636 : X-CRYPTO PRIOR 0.0.0-20220525230936-793AD666BF5E ON GO PATH TRAVERSAL

CVE-2022-30636 : X-CRYPTO PRIOR 0.0.0-20220525230936-793AD666BF5E ON GO PATH TRAVERSAL

Description httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base

Learn more
CVE-2023-24531 : CMD-GO UP TO 1.20.X ON GO SPECIAL ELEMENT

CVE-2023-24531 : CMD-GO UP TO 1.20.X ON GO SPECIAL ELEMENT

Description Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn’t sanitize

Learn more