CVE-2023-0037

CRITICAL EXPLOITED NUCLEI

10Web Map Builder <1.0.73 - SQL Injection

Title source: llm

Exploitation Summary

CVE-2023-0037 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Nuclei Templates (1)

WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection
CRITICAL, VERIFIED, by riteshs4hu

References (2)

Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/33ab1fe2-6611-4f43-91ba-52c56f02ed56

Scores

CVSS v3 9.8
EPSS 0.0391
EPSS Percentile 88.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2023-03-03
Status published
Products (1)
10web/map_builder_for_google_maps < 1.0.73
Published Mar 13, 2023
Tracked Since Feb 18, 2026