Supsystic Ultimate Maps
cpe:2.3:a:supsystic:ultimate_maps:*:*:*:*:wordpress:*:*
- <= 1.1.12
A SQL injection vulnerability has been identified in the Supsystic Ultimate Maps WordPress plugin, specifically in version 1.1.12. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the 'sidx' GET parameter. Exploitation involves sending crafted requests to the 'getListForTbl' action, using either boolean-based blind or time-based blind SQL injection payloads to extract sensitive information from the database.
Exploitation of this vulnerability allows for arbitrary SQL execution, which could lead to unauthorized data access or manipulation within the database.
To reproduce this vulnerability, send a request to the 'getListForTbl' action with the 'sidx' parameter injected with a SQL payload. This can be done using a tool like SQLMap, targeting a WordPress site with the vulnerable plugin version installed.
Users are advised to update to the patched version of the Supsystic Ultimate Maps plugin.
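As an added detection example (not part of this advisory or the plugin's own code), the script below scans access-log lines for requests to the 'getListForTbl' action whose 'sidx' value is not a bare column identifier. It assumes the action is reached through WordPress's admin-ajax.php 'action' parameter and that a legitimate 'sidx' is a plain sort-column name; the log lines are constructed for illustration.

```python
"""Flag suspicious 'sidx' values on 'getListForTbl' requests in an access log.

Assumptions (not stated in the advisory): the action is dispatched via
admin-ajax.php?action=..., and a legitimate sidx is a SQL identifier such
as 'id' or 'table.column'. The sample log below is constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# A legitimate sort index looks like an identifier, optionally qualified.
IDENTIFIER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$")

# Combined-log-format request field: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines: one benign request, two with non-identifier sidx
# values, and one suspicious value on a different action (out of scope here).
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl&sidx=id&sord=asc HTTP/1.1" 200 512
203.0.113.5 - - [10/May/2024:12:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl&sidx=id%20AND%20SLEEP(5)&sord=asc HTTP/1.1" 200 512
203.0.113.9 - - [10/May/2024:12:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl&sidx=id%27%20OR%201%3D1--%20&sord=asc HTTP/1.1" 200 512
198.51.100.7 - - [10/May/2024:12:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=other&sidx=x%20OR%201%3D1 HTTP/1.1" 200 128
"""


def suspicious_sidx_requests(log_text):
    """Return (client_ip, sidx) pairs for getListForTbl requests whose sidx
    is anything other than a bare identifier."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line we can parse
        qs = parse_qs(urlsplit(m.group("target")).query)
        # Only the action named in the advisory is in scope.
        if qs.get("action", [""])[0] != "getListForTbl":
            continue
        for value in qs.get("sidx", []):
            if not IDENTIFIER_RE.match(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_sidx_requests(SAMPLE_LOG):
        print(f"{ip}: suspicious sidx={value!r}")
```

Treat a hit as a trigger to check the plugin version against the advisory and review that client's other requests, not as proof of compromise on its own.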