WP Maps Plugin Unauthenticated SQL Injection Vulnerability

A time-based SQL injection vulnerability has been identified in the WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin for WordPress. This vulnerability exists in all versions through 4.9.1 and allows unauthenticated attackers to exploit the 'orderby' parameter. The issue arises from inadequate escaping of user-supplied data and insufficient preparation of the SQL query, enabling attackers to inject additional SQL commands that could be used to extract sensitive information from the database.

Impact

Exploitation of this vulnerability allows for time-based SQL injection, where an attacker can manipulate SQL queries to extract information from the database. This could potentially lead to unauthorized access to sensitive data.

Reproduction

To reproduce this vulnerability, send a request to a vulnerable WordPress site with the 'orderby' parameter. The lack of proper input validation will allow the injection of malicious SQL code, which can be used to extract database information.

Remediation

Users are advised to update the WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin to version 4.9.2 or later.