Description

WordPress Plugin Easy2Map Photos is prone to multiple vulnerabilities, including SQL injection and directory traversal vulnerabilities, because it fails to sufficiently sanitize and verify user-supplied data. Exploiting these issues could allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database or to create files outside of the intended upload directory. WordPress Plugin Easy2Map Photos version 1.0.9 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.1.0 or latest

References

http://www.vapidlabs.com/advisory.php?v=130

https://packetstormsecurity.com/files/132613/WordPress-Easy2Map-Photos-1.09-SQL-Injection.html

http://www.openwall.com/lists/oss-security/2015/07/08/2

http://seclists.org/bugtraq/2015/Jul/46

Related Vulnerabilities

WordPress Plugin Easing Slider Multiple Cross-Site Scripting Vulnerabilities (2.2.0.6)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Cross-Site Request Forgery (3.6.4)

Joomla Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2016-10033)

Dot CMS Uncontrolled Recursion Vulnerability (CVE-2022-37034)

WordPress Plugin Gallery for Social Photo Cross-Site Request Forgery (1.0.0.27)

Severity

High

Classification

CVE-2015-4615 CVE-2015-4617 CWE-22 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update