CVE-2019-10692 Scanner
Detects the 'SQL Injection (SQLi)' vulnerability in the Google Maps plugin for WordPress, which affects versions before 7.11.18.
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: URL
Toolbox: -
The Google Maps plugin for WordPress is a popular tool used to embed Google Maps into a WordPress website. This plugin makes it easy for website owners to create responsive, customizable maps with markers and infowindows to showcase important locations such as business offices, landmarks, or popular tourist destinations. The plugin also offers useful features such as geolocation, traffic layer, and street view to provide a better user experience.
Recently, a vulnerability was detected in the wp-google-maps plugin before 7.11.18 for WordPress, which could potentially expose websites to SQL injection attacks. The vulnerability, identified as CVE-2019-10692, arises from a lack of sanitization of field names before executing a SELECT statement in the REST API. This means that an attacker could exploit this vulnerability by submitting a specially crafted request to the REST API endpoint, thereby executing malicious SQL statements and compromising the website's database.
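The field-name handling described above can be illustrated with an added example that is not the plugin's code (the plugin is PHP; this uses Python with an in-memory SQLite database). The table names, column names, and sample rows are constructed assumptions. It shows why request-supplied field names need an allowlist: identifiers cannot be bound as query parameters, so they must be checked before they reach the statement text.

```python
import sqlite3

# Hypothetical schema and allowlist; these names are assumptions, not the plugin's.
ALLOWED_FIELDS = {"id", "title", "lat", "lng"}


def make_db():
    """Build a constructed in-memory database with a public and a private table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE markers (id INTEGER, title TEXT, lat REAL, lng REAL);
        INSERT INTO markers VALUES (1, 'Office', 41.0, 29.0);
        CREATE TABLE users (login TEXT, pass_hash TEXT);
        INSERT INTO users VALUES ('admin', 'constructed-hash');
    """)
    return db


def select_unsafe(db, fields):
    # Flawed pattern: field names from the request are concatenated
    # into the SELECT list without any validation.
    return db.execute("SELECT " + ", ".join(fields) + " FROM markers").fetchall()


def select_safe(db, fields):
    # Hardened pattern: every requested field must be a known column name.
    # Anything else (expressions, subqueries, unknown columns) is rejected
    # before a statement is built.
    bad = [f for f in fields if f not in ALLOWED_FIELDS]
    if bad or not fields:
        raise ValueError(f"unsupported field(s): {bad}")
    cols = ", ".join(f'"{f}"' for f in fields)
    return db.execute(f"SELECT {cols} FROM markers").fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = ["title", "(SELECT pass_hash FROM users)"]  # constructed input
    print("unsafe:", select_unsafe(db, crafted))
    try:
        select_safe(db, crafted)
    except ValueError as exc:
        print("safe:  rejected,", exc)
```
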
If exploited, the CVE-2019-10692 vulnerability could lead to serious consequences for a website. An attacker could gain unauthorized access to sensitive data stored in the database, modify or delete data, or even take control of the entire website. This poses a significant threat to website owners, particularly those with e-commerce or user data. In severe cases, an attacker could use the compromised website as a launching pad for attacking other websites and network resources.
In conclusion, the CVE-2019-10692 vulnerability in the wp-google-maps plugin before 7.11.18 for WordPress highlights the importance of regularly checking for vulnerabilities in digital assets and taking the necessary precautions to protect against them. With the pro features of the s4e.io platform, website owners can easily and quickly learn about vulnerabilities in their digital assets and take action to secure their website. Don't wait for an attack to happen – take proactive measures to safeguard your website now.
REFERENCES
- https://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-google-maps&old=2061433&new_path=%2Fwp-google-maps&new=2061434&sfp_email=&sfph_mail=#file755
- https://wordpress.org/plugins/wp-google-maps/#developers
- http://www.rapid7.com/db/modules/auxiliary/admin/http/wp_google_maps_sqli
- http://packetstormsecurity.com/files/159640/WordPress-Rest-Google-Maps-SQL-Injection.html