CVE-2021-24130

HIGH

Weplugins WP Maps < 4.1.5 - SQL Injection

Title source: rule
STIX 2.1

Description

Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/46af9a4d-67ac-4e08-a753-a2a44245f4f8

Scores

CVSS v3 7.2
EPSS 0.0142
EPSS Percentile 69.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
weplugins/wp_maps < 4.1.5
Published Mar 18, 2021
Tracked Since Feb 18, 2026