CVE-2026-3222
WP Maps <= 4.9.1 - Unauthenticated SQL Injection via 'location_id' Parameter
The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer (`FlipperCode_Model_Base::is_column()`) treating user input wrapped in backticks as column names, bypassing the `esc_sql()` escaping function. Additionally, the `wpgmp_ajax_call` AJAX handler (registered for unauthenticated users via `wp_ajax_nopriv`) allows calling arbitrary class methods including `wpgmp_return_final_capability`, which passes the unsanitized `location_id` GET parameter directly to a database query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
flippercode · WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & FiltersQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/tags/4.9.1/core/class.model.php#L328https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/tags/4.9.1/wp-google-map-plugin.php#L250https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/tags/4.9.1/wp-google-map-plugin.php#L590https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/trunk/core/class.model.php#L328https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/trunk/wp-google-map-plugin.php#L250https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/trunk/wp-google-map-plugin.php#L590https://plugins.trac.wordpress.org/changeset/3475665/wp-google-map-plugin/trunk/core/class.model.phphttps://plugins.trac.wordpress.org/changeset/3475665/wp-google-map-plugin/trunk/wp-google-map-plugin.phphttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3475665%40wp-google-map-plugin%2Ftrunk&old=3439153%40wp-google-map-plugin%2Ftrunk&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/b612267c-a125-4153-9de7-bb12a7646021?source=cve