Share
## https://sploitus.com/exploit?id=784377CB-53C9-5014-8473-DBA4A5E81E52
# WP Maps Exploit - Time-Based Blind SQL Injection (CVE-2026-3222)
[](https://www.python.org/)
[](LICENSE)
[](https://vulners.com/cve/CVE-2026-3222)
[-orange)](https://nvd.nist.gov/vuln/detail/CVE-2026-3222)
A proof-of-concept exploit for the SQL Injection vulnerability in WP Maps plugin versions ≤ 4.9.1. This tool demonstrates how unauthenticated attackers can extract sensitive information from the WordPress database.
## About the Vulnerability
| Detail | Information |
|---------|------------|
| **CVE ID** | CVE-2026-3222 |
| **CVSS Score** | 7.5 (HIGH) |
| **Attack Vector** | Network (AV:N) |
| **Complexity** | Low (AC:L) |
| **Authentication** | None required (PR:N) |
| **Impact** | Confidentiality (HIGH) |
### Technical Description
The WP Maps plugin (versions ≤ 4.9.1) contains a **time-based blind SQL Injection** vulnerability due to:
1. The AJAX handler `wpgmp_ajax_call` is registered for **unauthenticated users** via `wp_ajax_nopriv`
2. It allows calling arbitrary class methods, including `wpgmp_return_final_capability`
3. The `location_id` parameter is passed **unsanitized** to the database query
4. The database abstraction layer treats user input wrapped in backticks as column names, **bypassing `esc_sql()` escaping**
### Affected Versions
- **Vulnerable**: WP Maps ≤ 4.9.1
- **Patched**: WP Maps ≥ 4.9.2
## Exploit Features
| Feature | Description |
|---------|-------------|
| **Automatic Detection** | Checks if target is vulnerable with time-based test |
| **Extract DB Version** | Gets database version (MySQL, MariaDB) |
| **Extract DB User** | Discovers database user |
| **Extract DB Name** | Gets current database name |
| **Extract Tables** | Lists all database tables |
| **Extract WP Users** | Gets usernames and password hashes |
| **Multi-threading** | Efficient data extraction |
| **Windows Fixed** | Works on Windows, Linux and Mac |
## Installation
### Prerequisites
- Python 3.6 or higher
- pip (Python package manager)
### Installation Steps
1. **Clone the repository**
```bash
git clone https://github.com/your-username/wp-maps-exploit.git
cd wp-maps-exploit