Description
WordPress Plugin Easy2Map Photos is prone to multiple vulnerabilities, including SQL injection and directory traversal vulnerabilities, because it fails to sufficiently sanitize and verify user-supplied data. Exploiting these issues could allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database or to create files outside of the intended upload directory. WordPress Plugin Easy2Map Photos version 1.0.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.1.0 or latest
References
http://www.vapidlabs.com/advisory.php?v=130
https://packetstormsecurity.com/files/132613/WordPress-Easy2Map-Photos-1.09-SQL-Injection.html
Related Vulnerabilities
Drupal Core 8.6.x Multiple Vulnerabilities (8.6.0 - 8.6.1)
WordPress Plugin LittleBot ACH for Stripe + Plaid Unspecified Vulnerability (1.2.6)
Oracle JRE CVE-2013-0424 Vulnerability (CVE-2013-0424)
WordPress Plugin Ninja Forms with File Uploads Extension Multiple Vulnerabilities (3.0.22)
Oracle Database Server CVE-2012-0519 Vulnerability (CVE-2012-0519)