CVE-2023-0037: 
WordPress vulnerability analysis and mitigation

CVE-2023-0037 affects the 10Web Map Builder for Google Maps WordPress plugin versions before 1.0.73. The vulnerability was discovered by Daniel Krohmer (Fraunhofer IESE) and Kunal Sharma (University of Kaiserslautern), and was publicly disclosed on February 20, 2023. This security issue impacts WordPress installations using the affected plugin versions (WPScan).

The vulnerability is classified as an SQL Injection (SQLI) with a CVSS score of 8.6 (High). The issue stems from improper sanitization and escaping of parameters before their use in SQL statements via an AJAX action that is accessible to unauthenticated users. This vulnerability falls under the OWASP Top 10 category A1: Injection and is categorized as CWE-89 (WPScan).

As an unauthenticated SQL injection vulnerability, this security flaw could allow attackers to manipulate the database queries, potentially leading to unauthorized access to sensitive data, modification of database contents, or execution of malicious database operations without requiring authentication (WPScan).

The vulnerability has been fixed in version 1.0.73 of the 10Web Map Builder for Google Maps plugin. Users are strongly advised to update to this version or later to protect their WordPress installations (WPScan).