SQL Injection Vulnerability in Easy2Map Plugin for WordPress
CVE-2015-4614

Currently unrated

Key Information:

Vendor

Wordpress
Status
Easy2map
Vendor
CVE Published:
8 July 2015

What is CVE-2015-4614?

The Easy2Map plugin for WordPress contains multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This is accomplished through manipulation of the 'mapName' parameter in the 'e2m_img_save_map_name' action to 'wp-admin/admin-ajax.php', along with other unspecified vectors. Attackers can use this flaw to compromise the security of the affected installations by gaining unauthorized access to the database.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://plugins.trac.wordpress.org/changeset/1191455/easy...
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/37534/
exploitx_refsource_EXPLOIT-DB
http://www.vapid.dhs.org/advisory.php?v=131
x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.