CVE-2026-3222

{"id": "CVE-2026-3222", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-11T06:17:14.777", "references": [{"url": "https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/tags/4.9.1/core/class.model.php#L328", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/tags/4.9.1/wp-google-map-plugin.php#L250", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/tags/4.9.1/wp-google-map-plugin.php#L590", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/trunk/core/class.model.php#L328", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/trunk/wp-google-map-plugin.php#L250", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/trunk/wp-google-map-plugin.php#L590", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3475665/wp-google-map-plugin/trunk/core/class.model.php", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3475665/wp-google-map-plugin/trunk/wp-google-map-plugin.php", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3475665%40wp-google-map-plugin%2Ftrunk&old=3439153%40wp-google-map-plugin%2Ftrunk&sfp_email=&sfph_mail=", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b612267c-a125-4153-9de7-bb12a7646021?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer (`FlipperCode_Model_Base::is_column()`) treating user input wrapped in backticks as column names, bypassing the `esc_sql()` escaping function. Additionally, the `wpgmp_ajax_call` AJAX handler (registered for unauthenticated users via `wp_ajax_nopriv`) allows calling arbitrary class methods including `wpgmp_return_final_capability`, which passes the unsanitized `location_id` GET parameter directly to a database query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "lastModified": "2026-03-11T13:52:47.683", "sourceIdentifier": "security@wordfence.com"}