158 matches found
CVE-2022-0592
CVE-2022-0592 affects the MapSVG WordPress plugin, specifically versions prior to 6.2.20. The vulnerability arises from the REST endpoint failing to validate and escape a parameter before it is used in a SQL statement, resulting in unauthenticated SQL Injection. Affected component: MapSVG WordPre...
CVE-2022-0592 MapSVG < 6.2.20 - Unauthenticated SQLi
The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users...
WordPress plugin MapSVG SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
PT-2022-13287 · WordPress · Mapsvg Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: MapSVG WordPress plugin versions prior to 6.2.20 Description: The issue concerns a SQL Injection that can be exploited by unauthenticated users due to the lack of validation and escaping of a parameter used in a SQL statement via a REST...
WordPress MapSVG premium plugin <= 6.2.19 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Brandon James Roldan in WordPress MapSVG premium plugin versions <= 6.2.19. Solution: Update the WordPress MapSVG premium plugin to the latest available version (at least 6.2.20)...
MapSVG < 6.2.20 - Unauthenticated SQLi
The plugin does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. https://example.com/wp-json/mapsvg/v1/maps/2?id=1%27%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5b--+...
MapSVG < 6.2.20 - Unauthenticated SQLi
The plugin does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. PoC https://example.com/wp-json/mapsvg/v1/maps/2?id=1%27%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5b--+...
WordPress MapSVG Lite Plugin Cross Site Request Forgery (CVE-2019-1000003)
A cross site request forgery vulnerability exists in WordPress MapSVG Lite plugin. Successful exploitation of this vulnerability can result in the execution of arbitrary code in the affected system...
CVE-2019-1000003
MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker modifying post data, including embedding JavaScript. This attack appears to be exploitable via the victim must be...
CVE-2019-1000003
MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker modifying post data, including embedding JavaScript. This attack appears to be exploitable via the victim must be...
Cross site request forgery (csrf)
MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker modifying post data, including embedding JavaScript. This attack appears to be exploitable via the victim must be...
CVE-2019-1000003
MapSVG Lite 3.2.3 is affected by a CSRF in the mapsvg_save AJAX endpoint (/wp-admin/admin-ajax.php?action=mapsvg_save) that can allow an authenticated admin to modify post data (including embedded JavaScript). Exploitation requires the attacker to have an admin account and to entice the admin to ...
CVE-2019-1000003
MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker modifying post data, including embedding JavaScript. This attack appears to be exploitable via the victim must be...
WordPress Plugin MapSVG Lite Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin MapSVG Lite. Allows an attacker to perform...
WordPress MapSVG Lite plugin <= 3.2.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Rob Skilling (dxw) in WordPress MapSVG Lite plugin versions <= 3.2.3. Solution: Update the WordPress MapSVG Lite plugin to the latest available version (at least 3.3.0)...
WordPress MapSVG Lite 3.2.3 Cross Site Request Forgery
Details ================ Software: MapSVG Lite Version: 3.2.3 Homepage: https://en-gb.wordpress.org/plugins/mapsvg-lite-interactive-vector-maps/ Advisory report: https://advisories.dxw.com/advisories/csrf-mapsvg-lite/ CVE: Awaiting assignment CVSS: 5.8 Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N Descripti...
MapSVG Lite <= 3.2.3 - Cross-Site Request Forgery (CSRF)
CSRF in the mapsvg_save AJAX method PoC...
MapSVG Lite <= 3.2.3 - Cross-Site Request Forgery (CSRF)
CSRF in the mapsvg_save AJAX method...