CVE-2021-24130

CWE-89SQL Injection3 documents3 sources
Severity
7.2HIGH
EPSS
0.6%
top 31.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown WP Google MAP PluginWeplugins WP Maps
Timeline
PublishedMar 18
Latest updateMay 24

Description

Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5unknown/wp_google_map_plugin4.1.54.1.5
NVDweplugins/wp_maps< 4.1.5

🔴Vulnerability Details

2
GHSA
GHSA-3xhc-3pqp-v39v: Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 42022-05-24
CVEList
WP Google Map Plugin < 4.1.5 - Authenticated SQL Injection2021-03-18
CVE-2021-24130 (HIGH CVSS 7.2) | Unvalidated input in the WP Google | cvebase.io