
04.04.2019

WP Google Maps Plugin Vulnerable to SQL Injection Exploit

The WP Google Maps WordPress plugin has issued a high-priority update to fix a vulnerability. The vulnerability could allow a malicious hacker to take control of a website. It is highly recommended that users of this plugin update to the latest version. Failure to do so may expose your site to a SQL injection attack.

WP Google Maps Plugin Vulnerability

The vulnerability was reported by the WPScan Vulnerability Database. It reports that versions 7.11.00 through 7.11.17 are vulnerable to an Unauthenticated SQL Injection exploit.

A SQL Injection exploit could expose your database to an attacker who can then make changes to a WordPress website.

The WP Google Maps changelog listed the most recent update as high priority. It describes the issue as a “potential REST API exploit.”

Screenshot of the WP Google Maps Changelog

This is a screenshot from the official WP Google Maps plugin changelog. It indicates that this update is very important because it fixes a security issue.

How to Fix the WP Google Maps Plugin Vulnerability

It is prudent to log in to your WordPress installation and then proceed to your Plugins page or to your Updates page. If your WP Google Maps plugin version is between 7.11.00 and 7.11.17, you need to update. Your WordPress Plugins or Updates screen will likely notify you if the plugin needs to be updated.
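For administrators who look after several installs, the version check described above can be scripted. The following is an added example, not code from the plugin or from WPScan; it assumes the plugin's file header carries the name "WP Google Maps" and that you pass it the path to a site's `wp-content/plugins` directory.

```python
import re
from pathlib import Path

# Affected range as given in the article, inclusive at both ends.
VULN_MIN, VULN_MAX = (7, 11, 0), (7, 11, 17)
# Assumption: the plugin header carries the name used in the article.
PLUGIN_NAME = "wp google maps"
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)


def read_header(php_source):
    """Extract the 'Plugin Name' and 'Version' fields from a plugin file header."""
    fields = {}
    # WordPress itself only inspects the first 8 KiB of the file for headers.
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields


def classify(version_text):
    """Return 'vulnerable', 'outside range' or 'unknown' for a version string."""
    parts = [int(n) for n in re.findall(r"\d+", version_text or "")][:3]
    if not parts:
        return "unknown"
    version = tuple(parts + [0] * (3 - len(parts)))  # '7.11' -> (7, 11, 0)
    return "vulnerable" if VULN_MIN <= version <= VULN_MAX else "outside range"


def scan(plugins_dir):
    """Yield (file, version, status) for each matching plugin under plugins_dir."""
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_header(php.read_text(errors="replace"))
        if header.get("plugin name", "").lower() == PLUGIN_NAME:
            yield str(php), header.get("version"), classify(header.get("version"))


# Constructed sample headers (not copied from the real plugin files).
SAMPLES = {
    "old": "<?php\n/*\nPlugin Name: WP Google Maps\nVersion: 7.11.05\n*/\n",
    "new": "<?php\n/*\n * Plugin Name: WP Google Maps\n * Version: 7.11.18\n */\n",
}

if __name__ == "__main__":
    for label, source in SAMPLES.items():
        version = read_header(source).get("version")
        print(label, version, classify(version))
```

Call `scan()` on each site's plugins directory and treat any "vulnerable" or "unknown" result as needing a manual look at the Plugins page.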

Why this WordPress Plugin Update is Important

The WP Google Maps plugin is a highly popular WordPress plugin that allows publishers to add a customized Google Map to any WordPress page or post. The plugin is used by over 400,000 publishers and businesses. This popularity makes the exploit attractive to hackers.