Vulnerabilities > CVE-2022-1123 - Unspecified vulnerability in Mapsmarker Leaflet Maps Marker

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mapsmarker

NVD

Published: 2022-08-29

Updated: 2024-11-21

Summary

The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks.

Vulnerable Configurations

Part	Description	Count
Application	Mapsmarker Mapsmarker Leaflet Maps Marker - Mapsmarker Leaflet Maps Marker 3.11 Mapsmarker Leaflet Maps Marker 3.11.1 Mapsmarker Leaflet Maps Marker 3.11.2 Mapsmarker Leaflet Maps Marker 3.12 Mapsmarker Leaflet Maps Marker 3.12.1 Mapsmarker Leaflet Maps Marker 3.12.2 Mapsmarker Leaflet Maps Marker 3.12.3 Mapsmarker Leaflet Maps Marker 3.12.4	9

References

https://wpscan.com/vulnerability/03e0d4d5-0184-4a15-b8ac-fdc2010e4812
https://wpscan.com/vulnerability/03e0d4d5-0184-4a15-b8ac-fdc2010e4812