Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| easy2map | easy2map-photos | 1.09 |
Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| easy2map | easy2map-photos | 1.09 |
Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| easy2map | easy2map | * |
Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| easy2map | easy2map | * |