CVE-2022-1123: 
WordPress vulnerability analysis and mitigation

The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before version 3.12.5 contains a SQL injection vulnerability identified as CVE-2022-1123. The vulnerability was discovered by Ihor Bliumental and publicly disclosed on August 8, 2022. The plugin fails to properly sanitize certain parameters before inserting them into SQL queries, potentially allowing high-privilege users to perform SQL injection attacks (WPScan, CVE Mitre).

The vulnerability exists in the plugin's import-export functionality where two parameters, 'filter-operator1' and 'filter-operator2', are not properly sanitized before being used in SQL queries. The vulnerability has been assigned a CVSS score of 6.8 (medium) and is classified as a SQL Injection (SQLI) vulnerability, falling under the OWASP Top 10 category A1: Injection and CWE-89 (WPScan).

When exploited, this vulnerability could allow authenticated users with high privileges to perform SQL injection attacks against the affected WordPress installation. This could potentially lead to unauthorized access to or manipulation of the database (WPScan).

Users are advised to update the Leaflet Maps Marker plugin to version 3.12.5 or later, which contains the fix for this vulnerability (WPScan).