CVE-2023-0037: 10WebMapBuilder < 1.0.73 - Unauthenticated SQLi
First published: Mon Mar 13 2023(Updated: )
The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 10Web Map Builder for Google Maps WordPress | <1.0.73 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-0037?
CVE-2023-0037 is a vulnerability in the 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 that allows SQL injection.
What is the severity of CVE-2023-0037?
CVE-2023-0037 has a severity rating of 9.8, which is classified as critical.
How does CVE-2023-0037 affect the 10Web Map Builder for Google Maps WordPress plugin?
CVE-2023-0037 affects the 10Web Map Builder for Google Maps WordPress plugin before version 1.0.73.
How can the SQL injection vulnerability in CVE-2023-0037 be exploited?
The SQL injection vulnerability in CVE-2023-0037 can be exploited by unauthenticated users through an AJAX action.
How can I fix CVE-2023-0037?
To fix CVE-2023-0037, it is recommended to update the 10Web Map Builder for Google Maps WordPress plugin to version 1.0.73 or later.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/10web
- canonical/10web map builder for google maps wordpress