Platform
wordpress
Component
wp-google-map-plugin
Fixed version
5.0.0
CVE-2026-3222 is a privilege escalation vulnerability found in the openclaw component. This flaw allows an attacker to silently widen the scope of a paired device from 'operator.read' to 'operator.admin', potentially enabling Remote Code Execution (RCE) on the node. The vulnerability affects versions of openclaw up to and including 2026.3.24, and a patch is available in version 2026.3.25.
CVE-2026-3222 in the WP Maps plugin for WordPress presents a significant risk to websites that use it. It allows an attacker to inject time-based blind SQL code through the 'locationid' parameter. The root cause is a flaw in the plugin's database abstraction layer: the FlipperCode_Model_Base::is_column() function treats user input enclosed in backticks as a column name, so that input bypasses the esc_sql() escaping function. The wpgmp_ajax_call AJAX handler, registered for unauthenticated users via the wp_ajax_nopriv_ hook, exacerbates the issue by allowing arbitrary class methods to be invoked, which makes the flawed code path reachable. An attacker could extract sensitive database information, modify data, or even gain control of the website.
The vulnerability is exploited through the 'locationid' parameter in AJAX requests to the wpgmp_ajax_call endpoint. An attacker can construct a malicious SQL payload that uses backticks to bypass escaping and extract data from the database. Because the injection is time-based and blind, the attacker must infer the database's answer from how long the server takes to respond. Since the AJAX endpoint is reachable by unauthenticated users, no login is required to launch the attack. The combination of these factors makes this vulnerability particularly dangerous.
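To make the root cause concrete, here is an added example of a hardened column-name check. It is not the plugin's or vendor's code; the function names, the parameters, the allow-list of column names and the table name are all assumptions. It resolves a candidate identifier against an explicit allow-list and hands everything else to $wpdb->prepare() as a value, so a backtick-wrapped string is never spliced into SQL unescaped.

```php
<?php
/**
 * Added example: strict column-name resolution for a WHERE clause.
 * Hypothetical helper, not the WP Maps / FlipperCode code. Intended to run
 * inside WordPress (uses $wpdb and WP_Error).
 *
 * Contrast with the flaw described above: a check that accepts any
 * backtick-wrapped input as a column name lets that input skip esc_sql().
 * Here an identifier is accepted only if it is a plain SQL identifier AND
 * appears in an allow-list derived from the table definition.
 */

/**
 * Return the canonical column name, or null if $candidate is not a known column.
 *
 * @param string   $candidate     Raw user input (may be wrapped in backticks).
 * @param string[] $known_columns Allow-list of real column names (assumed).
 * @return string|null
 */
function wpgmp_example_resolve_column( $candidate, array $known_columns ) {
    // Strip at most one pair of surrounding backticks; the inner text must
    // then stand on its own as an identifier.
    if ( preg_match( '/^`([^`]*)`$/', (string) $candidate, $m ) ) {
        $candidate = $m[1];
    }
    // A column name is a bare identifier: no quotes, spaces, operators, comments.
    if ( ! preg_match( '/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $candidate ) ) {
        return null;
    }
    // Membership in the allow-list is what actually decides; a syntactically
    // valid identifier that is not a real column is still rejected.
    return in_array( $candidate, $known_columns, true ) ? $candidate : null;
}

/**
 * Build a prepared lookup for a locations table. $wpdb->prepare() with the
 * %i identifier placeholder (available since WordPress 6.2) quotes the column
 * name, and %d coerces the value, so request input never reaches the query
 * as raw SQL.
 *
 * @param wpdb   $wpdb         WordPress database object.
 * @param string $column_input Column name taken from the request (untrusted).
 * @param mixed  $location_id  'locationid' taken from the request (untrusted).
 * @return string|WP_Error     Prepared SQL, or an error for an unknown column.
 */
function wpgmp_example_prepare_location_query( $wpdb, $column_input, $location_id ) {
    // Assumed column list; in real code derive it from the schema, never from input.
    $known_columns = array( 'id', 'map_id', 'location_title', 'location_address' );

    $column = wpgmp_example_resolve_column( $column_input, $known_columns );
    if ( null === $column ) {
        return new WP_Error( 'bad_column', 'Unknown column requested.' );
    }

    // "example_locations" is a placeholder table name, not the plugin's table.
    return $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}example_locations WHERE %i = %d",
        $column,
        (int) $location_id
    );
}
```

With this shape, input such as `` `id` `` resolves to the real column `id`, while any backtick-wrapped string containing spaces, quotes, parentheses or comment markers fails the identifier regex and is rejected before it is anywhere near esc_sql() or the query string. The allow-list, not the presence of backticks, is what grants "column" status.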
Exploit status
EPSS
0.21% (43rd percentile)
CISA SSVC
CVSS vector
The most effective mitigation for this risk is to immediately update the WP Maps plugin to version 4.9.2 or higher. This version includes a fix for the time-based blind SQL injection vulnerability. In the interim, as a temporary measure, restrict access to the wpgmp_ajax_call AJAX endpoint to authenticated users with appropriate privileges. Furthermore, regular security audits of the website are crucial to identify and address potential vulnerabilities. Monitoring server logs for suspicious activity related to the WP Maps plugin can also help detect and respond to exploitation attempts.
Update to version 4.9.2 or a later fixed version.
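The interim measure described above, written as a WordPress must-use plugin. This is an added example, not code from WP Maps or its vendor. It assumes the handler is registered under the hook names wp_ajax_nopriv_wpgmp_ajax_call and wp_ajax_wpgmp_ajax_call (derived from the action name the advisory gives), that the plugin hooks at WordPress's default priority, and that edit_posts is an acceptable minimum capability for calling the endpoint; adjust that capability to your site's needs.

```php
<?php
/**
 * Plugin Name: Example gate for the WP Maps AJAX endpoint
 * Description: Added interim mitigation, not the plugin's own code. Place this
 *              file in wp-content/mu-plugins/ and remove it after updating.
 */

// Action name from the advisory text; the hook names built from it are assumptions.
define( 'WPGMP_EXAMPLE_GATED_ACTION', 'wpgmp_ajax_call' );

// Minimum capability a caller must hold (assumed; tune for your site).
define( 'WPGMP_EXAMPLE_REQUIRED_CAP', 'edit_posts' );

/**
 * Reject the request before the plugin's own handler runs. Registered at a
 * negative priority so it fires ahead of any handler added at the default (10).
 */
function wpgmp_example_gate_ajax() {
    if ( is_user_logged_in() && current_user_can( WPGMP_EXAMPLE_REQUIRED_CAP ) ) {
        return; // allowed: fall through to the plugin's handler
    }

    // Leave a searchable trace for the log monitoring the advisory recommends.
    $remote = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'unknown';
    error_log( sprintf(
        'wpgmp-gate: blocked %s call to %s from %s',
        is_user_logged_in() ? 'under-privileged' : 'unauthenticated',
        WPGMP_EXAMPLE_GATED_ACTION,
        $remote
    ) );

    // Sends a JSON error with HTTP 403 and calls wp_die(), ending the request.
    wp_send_json_error( array( 'message' => 'Authentication required.' ), 403 );
}

// Logged-out callers reach the nopriv hook; logged-in callers reach the other one.
add_action( 'wp_ajax_nopriv_' . WPGMP_EXAMPLE_GATED_ACTION, 'wpgmp_example_gate_ajax', -100 );
add_action( 'wp_ajax_' . WPGMP_EXAMPLE_GATED_ACTION, 'wpgmp_example_gate_ajax', -100 );
```

One caveat before deploying this: a map plugin commonly uses its own AJAX endpoint to load locations for ordinary front-end visitors, so gating it to logged-in users may stop maps from rendering for the public. Try it on a staging copy first, watch the wpgmp-gate lines in the PHP error log for legitimate traffic being blocked, and treat the gate strictly as a stopgap until the update to 4.9.2 or later is applied.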
It's a type of attack where the attacker infers information from the database by observing the server's response times. There's no direct visible response, but the attacker deduces information based on how long the server takes to respond to different queries.
It allows an attacker to access sensitive database information, modify data, or even gain control of the website, which can have severe security and privacy consequences.
As a temporary measure, restrict access to the wpgmp_ajax_call AJAX endpoint to authenticated users and monitor server logs for suspicious activity.
If you are using a version of WP Maps prior to 4.9.2, your website is vulnerable. You can use vulnerability scanning tools to confirm.
You can find more information about CVE-2026-3222 in vulnerability databases such as the National Vulnerability Database (NVD) and on the WP Maps support forums.