SQL Injection Vulnerability in Easy2Map Plugin for WordPress
CVE-2015-4614

Currently unrated

Key Information:

Vendor: Wordpress
Status: Easy2map
Vendor: CVE Published:; 8 July 2015

Summary

The Easy2Map plugin for WordPress contains multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This is accomplished through manipulation of the 'mapName' parameter in the 'e2m_img_save_map_name' action to 'wp-admin/admin-ajax.php', along with other unspecified vectors. Attackers can use this flaw to compromise the security of the affected installations by gaining unauthorized access to the database.

References

https://plugins.trac.wordpress.org/changeset/1191455/easy...

x_refsource_CONFIRM

https://www.exploit-db.com/exploits/37534/

exploitx_refsource_EXPLOIT-DB

http://www.vapid.dhs.org/advisory.php?v=131

x_refsource_MISC

Timeline

Vulnerability published
Jul 8, 2015
Vulnerability Reserved
Jun 16, 2015