Lucene search

K
cvelistWPScanCVELIST:CVE-2023-0037
HistoryMar 13, 2023 - 4:03 p.m.

CVE-2023-0037 10WebMapBuilder < 1.0.73 - Unauthenticated SQLi

2023-03-1316:03:32
WPScan
www.cve.org
10webmapbuilder
sql injection
cve-2023-0037
wordpress plugin
unauthenticated users
google maps

0.003 Low

EPSS

Percentile

70.7%

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "10Web Map Builder for Google Maps",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.73"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

0.003 Low

EPSS

Percentile

70.7%

Related for CVELIST:CVE-2023-0037