{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T22:28:49.988","vulnerabilities":[{"cve":{"id":"CVE-2026-3222","sourceIdentifier":"security@wordfence.com","published":"2026-03-11T06:17:14.777","lastModified":"2026-06-17T10:43:14.623","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer (`FlipperCode_Model_Base::is_column()`) treating user input wrapped in backticks as column names, bypassing the `esc_sql()` escaping function. Additionally, the `wpgmp_ajax_call` AJAX handler (registered for unauthenticated users via `wp_ajax_nopriv`) allows calling arbitrary class methods including `wpgmp_return_final_capability`, which passes the unsanitized `location_id` GET parameter directly to a database query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."},{"lang":"es","value":"El plugin WP Maps para WordPress es vulnerable a inyección SQL ciega basada en tiempo a través del parámetro 'location_id' en todas las versiones hasta, e incluyendo, la 4.9.1. Esto se debe a que la capa de abstracción de base de datos del plugin (`FlipperCode_Model_Base::is_column()`) trata la entrada del usuario envuelta en comillas invertidas como nombres de columna, omitiendo la función de escape `esc_sql()`. Además, el gestor AJAX `wpgmp_ajax_call` (registrado para usuarios no autenticados a través de `wp_ajax_nopriv`) permite llamar a métodos de clase arbitrarios, incluyendo `wpgmp_return_final_capability`, que pasa el parámetro GET `location_id` sin sanitizar directamente a una consulta de base de datos. Esto hace posible que atacantes no autenticados añadan consultas SQL adicionales a consultas ya existentes que pueden ser usadas para extraer información sensible de la base de datos."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"flippercode","product":"WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-11T14:06:05.779989Z","id":"CVE-2026-3222","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/tags/4.9.1/core/class.model.php#L328","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/tags/4.9.1/wp-google-map-plugin.php#L250","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/tags/4.9.1/wp-google-map-plugin.php#L590","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/trunk/core/class.model.php#L328","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/trunk/wp-google-map-plugin.php#L250","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/trunk/wp-google-map-plugin.php#L590","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3475665/wp-google-map-plugin/trunk/core/class.model.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3475665/wp-google-map-plugin/trunk/wp-google-map-plugin.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3475665%40wp-google-map-plugin%2Ftrunk&old=3439153%40wp-google-map-plugin%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b612267c-a125-4153-9de7-bb12a7646021?source=cve","source":"security@wordfence.com"}]}}]}