
wp-google-maps Plugin up to 7.11.17 on WordPress REST API class.rest-api.php SELECT Statement SQL injection



A vulnerability was found in the wp-google-maps plugin up to 7.11.17 for WordPress (WordPress Plugin). It has been rated as critical. The issue affects unknown code in the file includes/class.rest-api.php of the REST API component. Upgrading to version 7.11.18 eliminates this vulnerability....




https://vuldb.com/?id.132731
