CVE-2015-4615

Name of the Vulnerable Software and Affected Versions Easy2map-photos WordPress Plugin version 1.09

Description The issue allows SQL Injection due to unsanitized variables, including mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, and mapID.

Recommendations For Easy2map-photos WordPress Plugin version 1.09, consider updating to a newer version that addresses this issue, if available. As a temporary workaround, restrict access to the plugin's functionality that utilizes these variables to minimize the risk of exploitation. Avoid using the variables mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, and mapID in sensitive operations until the issue is resolved.