Thomas Chauchefoin (Synacktiv)

1 exploit Active since Apr 2019
CVE-2019-10692 METASPLOIT CRITICAL ruby WORKING POC
WP Go Maps < 7.11.18 - SQL Injection via REST API Field Name
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.
CVSS 9.8