SQL Injection Vulnerability in WP MAPS Plugin Affects Google Maps Data
CVE-2024-2386
8.8HIGH
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 29 June 2024
What is CVE-2024-2386?
The WP MAPS plugin for WordPress is susceptible to SQL Injection due to insufficient input validation on the 'id' parameter within the 'put_wpgm' shortcode. This vulnerability is present in all versions up to and including 4.6.1. Attackers with contributor-level access or higher can exploit this weakness by injecting additional SQL queries into existing database queries. Consequently, this poses a significant risk of data exposure, allowing attackers to retrieve sensitive information from the WordPress database.
Affected Version(s)
WP Maps – Display Google Maps Perfectly with Ease * <= 4.6.1