WordPress Google Map Plugin < 4.0.4 - SQL Injection

Summary

WordPress is a blogging platform written in PHP that began as a personal blog system and gradually evolved into a content management system. Users can set up their own websites on servers that support PHP and MySQL databases.
The Intergeo Google Maps WordPress plugin is the best tool for handling Google Maps in your website. This simple WordPress map plugin allows users to create new custom maps with a powerful UI map builder. Created maps can be easily edited and saved with new settings. To speed up the creation process, the plugin can clone a map with all its settings. Finally, the plugin has an attractive library which allows users to browse all maps in the system and delete unnecessary maps. The plugin's developers have also built business themes that integrate with Intergeo Google Maps.
The easiest way to reproduce the vulnerabilities is to visit the provided URL while logged in as an administrator or as another user who is authorized to access the plugin settings page. Users who do not have full administrative privileges could abuse the database access the vulnerabilities provide to either escalate their privileges or obtain and modify database contents they were not supposed to be able to access.

Solution

1. At present, the manufacturer has not provided a patch or an upgrade procedure. We recommend that users of this software keep an eye on the vendor's homepage to obtain the latest version: https://wordpress.org/plugins/intergeo-maps/
2. Customers who buy the next-generation firewall of Sangfor can turn on the WAF defense module to easily defend against such vulnerabilities.