CVE-2023-0037

CRITICAL EXPLOITED NUCLEI

10Web Map Builder <1.0.73 - SQL Injection

Title source: llm

Description

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

Nuclei Templates (1)

WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection

CRITICALVERIFIEDby riteshs4hu

References (2)

[Broken Link] https://bulletin.iese.de/post/wd-google-maps_1-0-72_1

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/33ab1fe2-6611-4f43-91ba-52c56f02ed56

Scores

CVSS v3 9.8

EPSS 0.6558

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-03-03

Status published

Products (1)

10web/map_builder_for_google_maps < 1.0.73

Published Mar 13, 2023

Tracked Since Feb 18, 2026