WordPress Plugin Vulnerabilities

Google Maps made Simple <= 0.6 - Subscriber+ SQL Injection

Description

The plugin does not properly escape user-supplied parameters nor adequately prepare its SQL queries within the plugin's shortcode.

Affects Plugins

Plugin icon
wp-gmappity-easy-google-maps
No known fix

References

CVE
CVE-2023-5315

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
377a123a-1dd2-4935-b95f-cba9b81067ed

Timeline

Publicly Published
2023-10-29 (about 2 years ago)
Added
2023-11-03 (about 2 years ago)
Last Updated
2023-11-03 (about 2 years ago)

Other

Published
Title
Published
2024-09-26
Title
WPExperts Square For GiveWP < 1.3.2 - Subscriber+ SQL Injection
Published
2025-03-24
Title
WP Featured Entries <= 1.0 - Authenticated (Contributor+) SQL Injection
Published
2025-11-24
Title
Perfect Brands for WooCommerce < 3.6.3 - Authenticated (Contributor+) SQL Injection
Published
2025-01-16
Title
Solidres – Hotel booking plugin <= 0.9.4 - Authenticated (Contributor+) SQL Injection
Published
2025-02-11
Title
LTL Freight Quotes – Unishippers Edition < 2.5.9 - Unauthenticated SQL Injection