WordPress Plugin Vulnerabilities

Easy2Map Photos < 1.1.0 - SQL Injection

Description

The code in Functions.php is vulnerable to SQL Injection because they are not parameterising or sanitising user input.

Proof of Concept

Affects Plugins

Plugin icon
easy2map-photos
Fixed in 1.1.0

References

CVE
CVE-2015-4615
CVE
CVE-2015-4617
URL
https://packetstormsecurity.com/files/#132613/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
Larry W. Cashdollar
Submitter twitter
_larry0
Verified
No
WPVDB ID
54b46850-5b87-4000-8a77-be88715317c8

Timeline

Publicly Published
2015-06-08 (about 10 years ago)
Added
2015-07-06 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-01-16
Title
WordPress Google Map Professional <= 1.0 - Authenticated (Contributor+) SQL Injection
Published
2024-10-18
Title
Social Link Groups <= 1.1.0 - Authenticated (Contributor+) SQL Injection
Published
2023-11-06
Title
Icons Font Loader < 1.1.2.1 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Published
2014-08-01
Title
Easy Contact Form Lite <= 1.0.7 - SQL Injection
Published
2024-11-08
Title
WP Contest <= 1.0.0 - Authenticated (Contributor+) SQL Injection