CVE-2024-31116 – WordPress 10Web Map Builder for Google Maps plugin <= 1.0.74 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-31116
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web 10Web Map Builder for Google Maps. This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.74.
The 10Web Map Builder for Google Maps plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.74 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
• https://patchstack.com/database/vulnerability/wd-google-maps/wordpress-10web-map-builder-for-google-maps-plugin-1-0-74-sql-injection-vulnerability?_s_id=cve
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45272 – 10Web Map Builder for Google Maps <= 1.0.73 - Missing Authorization to Notice Dismissal
https://notcve.org/view.php?id=CVE-2023-45272
The 10Web Map Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gmwd_bp_install_notice_status function in versions up to, and including, 1.0.73. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to dismiss installation notices.
• CWE-862: Missing Authorization