Lucene search

K
cveWPScanCVE-2022-1123
HistoryAug 29, 2022 - 6:15 p.m.

CVE-2022-1123

2022-08-2918:15:08
CWE-89
WPScan
web.nvd.nist.gov
44
5
cve-2022-1123
leaflet maps marker
wordpress
sql injection
nvd

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.7%

The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks.

Affected configurations

Nvd
Vulners
Node
mapsmarkerleaflet_maps_markerRange<3.12.5wordpress
VendorProductVersionCPE
mapsmarkerleaflet_maps_marker*cpe:2.3:a:mapsmarker:leaflet_maps_marker:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "product": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.12.5",
        "status": "affected",
        "version": "3.12.5",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.7%