Description

WordPress Plugin Google Map contains a backdoor. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin Google Map version 1.4 is vulnerable.

Remediation

Disable the plugin until a fix is available

References

https://www.pluginvulnerabilities.com/2017/12/20/hundreds-of-websites-still-using-intentionally-malicious-wordpress-plugins-three-years-after-being-removed-from-plugin-directory/

https://www.pluginvulnerabilities.com/2016/10/24/a-good-example-of-why-wordpress-keeping-quiet-about-unfixed-plugin-vulnerabilities-doesnt-make-sense/

Related Vulnerabilities

Joomla! Core Directory Traversal (2.5.0 - 3.9.22)

Joomla! Core Multiple Vulnerabilities (1.5.0 - 3.8.11)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-6883)

WordPress Plugin WP DSGVO Tools (GDPR) PHP Object Injection (2.0.4)

WordPress Improper Input Validation Vulnerability (CVE-2020-35539)

Severity

High

Classification

CWE-95 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update