I want to bring to your attention a critical security issue with the plugin. It was identified that the plugin is vulnerable to SQL Injection. This poses a significant security risk to the website.
Could you please confirm if a patch or an update is in development to resolve this issue?
We would greatly appreciate your prompt assistance in this matter.
Thank you

https://wpscan.com/vulnerability/16108c86-4388-4600-99cd-8bffdbb221ca/?site=peaceatthetable.world
Please advise and thanks

The 10Web Map Builder for Google Maps plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.74 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Then there are things such as escaping quotes to avoid SQL injection, and so on; https://developer.mozilla.org/en-US/docs/Learn/Server-side/First_steps/Website_security is a good start.
PHP, for example, currently has a hard-to-hack but still doable bug, which interestingly is how the FBI broke into an illegal hacker (cracker) site. Security is largely an unknown subject in spite of how often it is discussed.
Do you have any plans on implementing any of these in your plugin?

This is not good: it makes the sites non-compliant with European privacy legislation, and there must be a way to deactivate them.
Does anyone have a solution?
SQL injection should not be an issue in 2023 (or 10 years ago) because it's extremely easy to prevent. Such issues existing shows a very low-quality development team that has no knowledge of security.
Do not use this plugin.
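The advisory above gives the root cause as insufficient escaping on the user-supplied parameter plus no prepared statement, and the comments recommend "escaping quotes" as the easy prevention. The following is an added example, not code from this thread or from the 10Web plugin, that shows why those are not the same fix. It uses a constructed SQLite database whose table and column names (wp_map_markers, map_id, wp_users) are assumptions standing in for a map plugin's schema, and puts the string-built query beside the parameterised one. Quote-escaping does neutralise a payload that lands inside a quoted string, but map_id sits in a numeric position where there are no quotes to escape, so a tautology or a UNION passes straight through; the bound parameter stops both.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database. Table and column names are assumptions
    that stand in for a map plugin's tables; they are not the real schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE wp_map_markers (id INTEGER PRIMARY KEY, title TEXT, map_id INTEGER);
        INSERT INTO wp_map_markers VALUES (1, 'Office', 1), (2, 'Warehouse', 1), (3, 'Store', 2);
        -- Data the marker query was never meant to reach.
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users VALUES (1, 'admin', '$P$BexampleHashDoNotUse');
        """
    )
    return conn


def escape_quotes(value: str) -> str:
    """The 'escape the quotes' approach from the thread: double any single
    quote so it cannot terminate a string literal. It does nothing for input
    that is never placed inside quotes."""
    return value.replace("'", "''")


def marker_by_title_escaped(conn: sqlite3.Connection, title: str) -> list:
    """String context: the value sits between quotes, so escaping defeats the
    classic  ' OR 1=1 --  payload here. That is what makes escaping look
    sufficient until a numeric parameter turns up."""
    sql = "SELECT id, title FROM wp_map_markers WHERE title = '" + escape_quotes(title) + "'"
    return conn.execute(sql).fetchall()


def markers_vulnerable(conn: sqlite3.Connection, map_id: str) -> list:
    """Numeric context, built by string concatenation (the anti-pattern the
    advisory describes). map_id is not wrapped in quotes, so escape_quotes()
    leaves the payload untouched and it becomes part of the SQL text."""
    sql = "SELECT id, title FROM wp_map_markers WHERE map_id = " + escape_quotes(map_id)
    return conn.execute(sql).fetchall()


def markers_prepared(conn: sqlite3.Connection, map_id: str) -> list:
    """Fix: the SQL text is a constant and the value is bound as a parameter.
    Whatever the string contains, it is compared as a value, never parsed
    as SQL. WordPress equivalent: $wpdb->prepare('... WHERE map_id = %d', $id)."""
    return conn.execute(
        "SELECT id, title FROM wp_map_markers WHERE map_id = ?", (map_id,)
    ).fetchall()


# Constructed payloads: a legitimate id, a tautology that dumps every marker,
# and a UNION that pulls password hashes out of an unrelated table.
PAYLOADS = {
    "legit": "1",
    "tautology": "1 OR 1=1",
    "union": "0 UNION SELECT ID, user_pass FROM wp_users",
}


def compare(conn: sqlite3.Connection) -> dict:
    """Run each payload through both query styles; returns
    {name: (rows_from_vulnerable, rows_from_prepared)}."""
    return {name: (markers_vulnerable(conn, p), markers_prepared(conn, p))
            for name, p in PAYLOADS.items()}


if __name__ == "__main__":
    db = make_db()
    for name, (bad, good) in compare(db).items():
        print(f"{name:10s} vulnerable={bad}  prepared={good}")
    print("title escaped:", marker_by_title_escaped(db, "' OR 1=1 --"))
```

In WordPress the bound parameter corresponds to $wpdb->prepare() with a %d or %s placeholder; %d additionally casts the value to an integer, so the numeric case cannot carry SQL at all. Hand-rolled quote doubling of the kind shown in escape_quotes() is also fragile on MySQL, where a backslash in the input can consume the quote that was added, which is a second reason to treat prepared statements, not escaping, as the fix the advisory is asking for.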

Once we manually whitelisted the IP address, the payment went through, but we’re curious as to what caused it and are hoping we don’t have to whitelist every attempted payment on our website! Please and thank you.

I hope this email finds you well. We are facing a challenge with our web server that is utilizing ModSecurity, a web application firewall. Our server detected potential SQL injection attempts which seem to be associated with the groundhogg-page-visits cookie added by the Groundhogg plugin. Below are the details of the log observations that led to this issue:

Suspicious Data in Cookies: The server logs indicate that the suspicious data triggering the SQL injection detection were found within REQUEST_COOKIES:groundhogg-page-visits. This suggests that some data contained in this cookie was interpreted by ModSecurity as an SQL injection attempt.

Detection Rule: The detection was associated with ModSecurity rule ID 942100, which is set up to identify suspicious activities associated with SQL injection attempts via libinjection.
We are seeking your assistance to better understand how we can adjust this situation, ensuring the security of our website while effectively utilizing the Groundhogg plugin. The specific questions we have are:
We thank you in advance for your assistance and are available to provide any additional information required or to work with you to resolve this issue.
Warm regards,
Marks
ERROR_LOG:
---k3n6gq1W---H--
ModSecurity: Warning. detected SQLi using libinjection. [file "/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: sos found within REQUEST_COOKIES:groundhogg-page-visits: [["/XXXXXXX/",[[XXXXXXXX,0],[XXXXXXXX,0]]],["/",[[XXXXXXXX,0],[XXXXXXXX,0],[XXXXXXXX,0]]],["/XXXXXXX/XXXXXXX/",[[XXXXXXXX (11 characters omitted)"] [severity "2"] [ver "OWASP_CRS/3.3.2"] [maturity "0"] [accuracy "0"] [hostname "XXXXXXX"] [uri "/XXXXXXX/XXXXXXX/XXXXXXX.html"] [unique_id "XXXXXXXXXXXXXXXX"] [ref "v1787,140"]
ModSecurity: Access denied with code 302 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.2"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "XXXXXXX"] [uri "/XXXXXXX/XXXXXXX/XXXXXXX.html"] [unique_id "XXXXXXXXXXXXXXXX"] [ref ""]
---k3n6gq1W---Z--
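What the two log entries above show: rule 942100 runs libinjection over every inspected variable, and the value of the groundhogg-page-visits cookie (a JSON array of visited paths and numbers, masked here) tokenised as the fingerprint "sos" (string, operator, string), which libinjection classifies as SQL. 942100 is a CRITICAL rule (severity 2), so the single match adds 5 to the inbound anomaly score; the CRS default inbound threshold is also 5, so the blocking rule 949110 fires on that one hit. The cookie content is not SQL, so this is a false positive, and the standard remedy is a CRS rule exclusion that keeps the rule but stops it inspecting this one variable, rather than turning the rule off. The following is an added example, not configuration from this thread, from the Groundhogg project or from the CRS itself; the file names follow the CRS 3.3.x layout visible in the log paths, and the rule id 10942 is an assumption that must be unique in your local range.

```apache
# Added example: CRS rule exclusions for the cookie seen in the log above.
# Not from the thread, Groundhogg or the CRS; rule id 10942 and the file
# names are assumptions. Syntax is the SecLang the CRS 3.3.x files use.

# Weak setting: disables 942100 for every request and every variable, so a
# real injection in a POST field would no longer be scored by libinjection.
# SecRuleRemoveById 942100

# Corrected, narrow setting (configure-time): 942100 stays active, it just
# no longer inspects this one cookie. Must be loaded AFTER the CRS rule
# files, e.g. in rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.
SecRuleUpdateTargetById 942100 "!REQUEST_COOKIES:groundhogg-page-visits"

# Same exclusion at runtime, for setups that keep exclusions BEFORE the CRS
# (rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf). The rule matches
# unconditionally whenever the cookie is present and removes the cookie
# from 942100's targets for that request only. Use one form or the other,
# not both.
SecRule REQUEST_COOKIES:groundhogg-page-visits "@unconditionalMatch" \
    "id:10942,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:groundhogg-page-visits"

# If the same cookie later trips other SQLi rules (e.g. at paranoia level 2),
# exclude it from the whole SQLi rule group instead of adding ids one by one:
# SecRuleUpdateTargetByTag "attack-sqli" "!REQUEST_COOKIES:groundhogg-page-visits"
```

After reloading the server, check that new 942100 entries in the error log no longer name REQUEST_COOKIES:groundhogg-page-visits while other cookies, arguments and headers are still inspected. Widen to the tag-based form only if rules other than 942100 start matching the same cookie.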