CVE-2015-4614

The CVE corresponds to WordPress Easy2Map plugin vulnerabilities: multiple SQL injections in includes/Function.php prior to 1.2.5, exploitable via the mapName parameter in the e2m_img_save_map_name action to wp-admin/admin-ajax.php (and related vectors). Exploitation details shown in public advis...

CVE-2015-4616

CVE-2015-4616 describes a directory traversal flaw in the WordPress Easy2Map plugin, affecting versions prior to 1.2.5. The vulnerability occurs in includes/MapPinImageSave.php where an attacker can craft the map_id parameter with a ‘..’ sequence to create arbitrary files on the server. This is r...