A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.

** Zero-Day Advisory**

**Fortinet Discovers WordPress Give SQL Injection Vulnerability**

**Summary**

Fortinet's FortiGuard Labs has discovered a SQL injection vulnerability in Impress GiveWP Give plugin for WordPress.

Give is the highest rated, most downloaded, and best supported donation plugin for WordPress. Built from the ground up for all fundraising needs, Give provides a powerful donation platform optimized for online giving.  

A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php or includes/donors/class-give-donors-query.php

**Solutions**

FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:

**WordPress.Impress.Give.SQL.Injection**

Users should apply the solution provided by Impress

**Timeline**

Fortinet reported the vulnerability on 11 July, 2019

Give replied the team is investigating the report on 11 July, 2019

Give confirmed the vulnerability and released patch on 13 July, 2019. Give Team asked for a disclosure as near to 11 August as possible to give users as much time as possible to upgrade.

**Acknowledgement**

This vulnerability was discovered by Tin Duong of Fortinet's FortiGuard Labs.

**IPS Subscription**

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.

CVE-2019-13578: Fortiguard

wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.

CVE-2019-14788

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.

CVE-2019-14786

The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.

CVE-2016-10867: All-In-One Security (AIOS) – Security and Firewall

The events-manager plugin before 5.6 for WordPress has code injection.

CVE-2015-9298: Events Manager

The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.

CVE-2015-9304: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

The simple-membership plugin before 3.5.7 for WordPress has XSS.

CVE-2017-18499: Simple Membership

The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.

* Details
* Reviews
* Installation
* Development

The most advanced yet easy to use Google maps plugin for WordPress. Create beautifully styled, modern & responsive google maps with multiple locations, custom marker icons, marker categories, custom infowindow messages, images and more. Enable marker category filter on frontend to allow users to filter the locations.

> 👉 Create multiple google maps with different marker icons, marker categories and locations assigned to them. 
> 👉 All of the best web practices applied to make google maps load faster.

With just few clicks, you will be able to add beautifully designed custom google maps to any page / post or widget with help of generated shortcode.

Contact Dedicated Support team for setup configurations needs or for any other assistance.

Google autosuggest enabled location form helps you as site administrator to create unlimited markers and then assign these markers to a google map. It’s super easy.

> Here is a quick highlight on the numerous customizable features offered by the free and pro versions of the **WP MAPS PRO Version**.

**Lite Version (Free)**

> ➡️ Create multiple google maps with different marker icons, marker categories and locations assigned to them. 
> ➡️ Add unlimited locations with various information. 
> ➡️ Assign multiple locations to a single google maps. 
> ➡️ Display a info window message to any location. 
> ➡️ Maps Marker Infowindow Open On: Mouse Click or Mouse Hover. 
> ➡️ Display Google Maps on posts/pages using shortcode. 
> ➡️ Centering the map according to assigned locations. 
> ➡️ Decide center latitude and longitude for each map separtely. 
> ➡️ Easy way to assign category to any location. 
> ➡️ Select your marker icon for markers. 
> ➡️ Enable marker cluster functionality for markers. 
> ➡️ Easily edit or delete google map functionality. 
> ➡️ Assign your own markers to categories or choose colorful markers from +500 readymade markers provided by the Maps Icons Collection. 
> ➡️ Select among 4 map type : Roadmap,Satellite,Hybrid,Terrain 
> ➡️ Set your map height and width. 
> ➡️ Set Google maps zoom level. 
> ➡️ Google Maps can be Draggable 
> ➡️ Display traffic real time conditions and overlays using Layers. 
> ➡️ Add bicycle path information to your maps using the Bicycling Layer. 
> ➡️ Enable Google Map Transit layer 
> ➡️ Marker Animation on Click or Mouse hover the marker. 
> ➡️ 45° imagery functionality 
> ➡️ Add circle in your Maps plugin 
> ➡️ Create a Google maps just in seconds. 
> ➡️ Street view supported 
> ➡️ widget supportive : Display Google Maps on sidebars using widget. 
> ➡️ Pov Heading and Pov Pitch for street view. 
> ➡️ Fully Responsive.Display your map perfectly on all devices. 
> ➡️ Create 100% responsive maps effortlessly.Tested on real devices. 
> ➡️ A Cross Browser Compatible plugin. Fully tested on IE8, IE9, IE10 and all major browsers 
> ➡️ Multi-lingual Supported. 
> ➡️ Multisite Enabled and ability to activate it network wide. 
> ➡️ Map Stylization : Customizable Google maps style from https://snazzymaps.com. 
> ➡️ Search control on frontend map to search location easily. 
> ➡️ Filter markers by category. 
> ➡️ No content / data loss when migrating from free version to pro version.

**Additional Features Available In Pro**

WP MAPS PRO

Pro version plugin contains all the features of free version plugin plus some additional features which are listed below

> 👉 Listing : Display listing in grid or list style under map. Fully responsive listing. 
> 👉 Map Layers : Display Traffic Layer , Bicycling Layer, Transit layer 
> 👉 Import/Export Locations : Import Export Locations supported using CSV.Sample csv is attached in pro version. 
> 👉 Draw shapes : rectangle, circle, polygon and polyline. 
> 👉 Display unlimited shapes. Display Message on shape click or Redirect to external link. 
> 👉 Direction & Route : Directions & Route Suggestion. Display directions results in KM and MILES. 
> 👉 Sort listing by location, category and address alphabetically in location listing. 
> 👉 Marker Category : Assign multiple categories to a location. 
> 👉 Infowindow Contents: Customize infowindow contents with help of Placeholders. 
> 👉 Display Posts Information, custom fields, taxonomies and featured images on infowindow message using placeholders. 
> 👉 Unlimited number of map markers and locations. 
> 👉 Set your own google map marker icon 
> 👉 Drag and drop feature for markers, custom animation support 
> 👉 Allows to display the user location on map. 
> 👉 Nearby locations based on user’s current location. 
> 👉 Display Posts/Pages or Custom Post Types on google maps using **custom fields**. 
> 👉 Center the map based on visitor’s current location. 
> 👉 Define overlays on Google maps via an easy to use interface. 
> 👉 Integrate GEOJSON in to google maps. 
> 👉 Display multiple Kml/Kmz Layer on the map. 
> 👉 Fusion Table Layers. 
> 👉 Add Geo location 
> 👉 Add any number of Google maps on pages/posts/sidebars. 
> 👉 Allows to insert the map as widget on sidebars. 
> 👉 Add unlimited locations using an easy to use interface for Google Maps. 
> 👉 Display location title, location category, location latitude, location longitude with location message in the infowindow. 
> 👉 Create unlimited maps and display on posts/pages using shortcode or in sidebar using widget. 
> 👉 Design your own Google map skins easily. Turn ON/OFF roads, places, water area. 
> 👉 Ability to display infowindow on mouse click on mouse hover. 
> 👉 Display your map perfectly on all devices. Create 100% responsive maps effortlessly. 
> 👉 Multi-lingual Supported. 
> 👉 Display physical maps based on terrain information. 
> 👉 Display Google Earth satellite images on just one click. 
> 👉 Display maps in a blend of normal and satellite views. 
> 👉 Setup POV Heading and POV Pitch of Street View to customize Street View output of a location. 
> 👉 Full support of controls of the Google map, such as zoom control, map type control, scale control, street view control, fullscreen and rotate control 
> 👉 Drag and drop feature for markers, custom animation support 
> 👉 Modify Locating Listing using Placeholder. 
> 👉 Hooks Supported – Use actions & filters to modify map,markers,listing and associated html on fly. 
> 👉 Display locations listing with filters & pagination. Fully customizable using backend settings and hooks. 
> 👉 Use “wpgmp\_geo\_tags\_args”, “wpgmp\_geo\_featured\_image”, “wpgmp\_geotags\_placeholder”, “wpgmp\_geotags\_content” hooks to extend Posts on google maps functionality as you want. 
> 👉 Use External Database or Sources to add markers on google maps using new filter wpgmp\_marker\_source. 
> 👉 Load markers from external database or API sources with help of filters (Hooks). 
> 👉 A Cross Browser Compatible plugin. Fully tested on IE8, IE9, IE10 and all major browsers 
> 👉 Multisite Enabled and ability to activate it network wide. 
> 👉 Visit our Pro Edition WP MAPS PRO 
> 👉 Fully extensible & scalable plugin to make it ready for customisations according to website / business requirements.

**Live Examples**

* WP MAPS PRO LIVE DEMOS

**Links**

Upgrade to Pro | 
Live Examples | 
Developed by flippercode

This section describes how to install the plugin and get it working.

 1. Upload the wp-google-map-plugin directory to the /wp-content/plugins/ folder
 
 2. Once the plugin is uploaded log into WordPress and go to Plugins
 
 3. Find the wp-google-map-pluginplugin and click Activate Plugin
 
 =How to work=
 
 1. Go to settings page of plugin and insert your google maps api key. see full instruction [How to create Api key](https://www.wpmapspro.com/docs/how-to-create-an-api-key/)
 
 2. First create your locations using 'Add Location' page.
 
 3. Then create your first map using 'Add Map' page and assign your locations.
 
 4. Each map is assoicated to a shortcode. You can view shortcode on 'Manage Maps' and copy and paste it on your pages or posts. You can display your google maps in the sidebar using widget. 
 

**Documentation**

* Get Started

**Can I create a custom marker ?**

Yes, you can upload your own marker image or you can choose from readymade icons.

**Do I need to calculate latitude & longitude myself ?**

No, Address field is google autosuggest enabled so you just start typing and choose your address. Latitude & Longitude will be calculated automatically.

**How many locations I can assign to the map?**

You can assign as many as location you want to display on google maps.

**How to display map on page?**

Go to ‘Manage Maps’ and copy the shortcode for your map. Each map will have own shortcode. You just paste that on your page.

**Can I display map using widget?**

Yes, First create your map and then you can display your map in sidebar from widget section.

**How to register google maps api key?**

Go to \[Google Maps API console\] 
(https://console.developers.google.com/flows/enableapi?apiid=maps\_backend,geocoding\_backend,directions\_backend,distance\_matrix\_backend,elevation\_backend,places\_backend&keyType=CLIENT\_SIDE&reusekey=true&pli=1) 
and you can create your google maps api key here.

We have a guide \[Important Changes in Google Maps\] 
(https://console.developers.google.com/flows/enableapi?apiid=maps\_backend,geocoding\_backend,directions\_backend,distance\_matrix\_backend,elevation\_backend,places\_backend&keyType=CLIENT\_SIDE&reusekey=true)

**How to upgrade to pro version?**

You can purchase WP MAPS PRO and then just keep your lite version deactivated and then activate the pro version. You’ll not loss any of your data. Your all data will be migrated to pro version automatically.

**Do we have Live Demo?**

Yes, You can click on WP MAPS PRO LIVE DEMOS and mail us at hello at flippercode dot com if any pre-purchase query.

**Do we have a Documentation?**

Yes, You can click on WP MAPS PRO TUTORIALS and you will get all documentation with proper steps and video tutorials.

**Do we have offer refund?**

Yes, You can get refund any time if pro version is not suitable for you.

**Do we have offer customization?**

Yes, You can mail us your requirement at hello at flippercode dot com.

Been looking for a free plugin where you can customize the map and add your own marker for a while. This plugin does all that and the support is really good.

Active support, reacts fast to fix the problem, which is good. Makes this plugin a good choice, actively maintained.

WP MAPS had a display bug on my website. Flippercode support intervened very quickly, and was able to solve the problem in less than 24 hours, thank you very much!

My all time favourite maps plugin! Good Work!

Quick fix with a bug on lower versions of PHP

Read all 112 reviews

“WordPress Plugin for Google Maps – WP MAPS” is open source software. The following people have contributed to this plugin.

Contributors

* Flipper Code

**4.4.2**

* Fix : Callback function required error notice by google fixed.

**4.4.1**

* Fix : Warnings and notices related to infowindow fixed.

**4.4.0**

* Fix : Security issuse related to \[display\_map\] shortcode fixed.

**4.3.9**

* New : Centering the map according to assigned locations.

**4.3.8**

* New : Multiple design templates added for marker infowindow.
* New : Upload custom image for each location and display it inside infowindow with help of new placeholder.

**4.3.7**

* Fix : Category filter issue fixed.
* New : Marker cluster functionality added.

**4.3.6**

* Fix : The delete pop-up is displayed now.

**4.3.5**

* Fix : Plugin code optimised.

**4.3.4**

* New : Snazzy Maps settings readded.

**4.3.3**

* New : Compatibility Issue with PHP 7.2 Resolved

**4.3.2**

* New : Plugin name updated according to released guidelines.

**4.3.1**

* New : Code Improvements.

**4.3.0**

* New : Link for API key generation process through wizard updated.

**4.2.9**

* New : Google Maps API key link updated on add map and add location page.

**4.2.8**

* New : How to use page updated with new google maps console link.

**4.2.7**

* Fix : Broken link fixed.

**4.2.6**

* New : Displayed dynamic google map API key HTTP referrer in the backend, which will be needed in API key creation process.
* New : Added review collection notice for the plugin.

**4.2.5**

* Fix : Infowindow HTML tags were stripping while updating the map.

**4.2.4**

* Fix : Confirmation popup added on bulk delete action for category,location and map.
* Fix : Security issue fixed for delete and copy map operation.

**4.2.3**

* Fix : ‘Select Category’ text displayed in marker category filter dropdown is now translatable.
* Fix : Fixed a logical validation issue on Add location form in back-end.

**4.2.2**

* Fix : UI issues of map controls caused by currently activated theme fixed.

**4.2.1**

* Fix : Warnings removed from frontend when map is deleted from backend.

**4.2.0**

* New : Confirmation boxes added before deleting locations / marker categories / maps.
* New : Addons introduction page updated.

**4.1.9**

* Fix : One warning and one notice fixed on add map page, code optimised.

**4.1.8**

* New : Dismissable notice to buy premium version plugin added.

**4.1.7**

* New : Better UI interface for backend forms.

**4.1.6**

* Fix: Calling files remotely fixed. Removed shorthand URLs. Text domain corrected. WordPress tested upto version number updated. Data sanitisation & escaping work done. Unused code removed. Design issue fixed on manage location and manage maps page. New filter added.

**4.1.5**

* Fix: SQL vulnerability issue fixed.

**4.1.4**

* Fix: SQL security issue fixed.

**4.1.3**

* New: New hooks added before and after map rendering.
* New: Extentions related information provided.

**4.1.2**

* Fix: Missing translation files added.

**4.1.1**

* New: Search control on map for easy location searching.
* New: Filter markers by category.

**4.1.0**

* Fix: Removed reported vulnerability. Updated code in data save modules and applied more security.
* New: Display google maps in different beautiful skins. Snazzy maps support integrated.

**4.0.9**

* Fix: Removed PHP Warnings and coding standard updated.

**4.0.8**

* Fix: Broken link fixed.

**4.0.7**

* Fix: Optimized CSS and removed unused CSS, Files and Code.

**4.0.6**

* Fix: Optimized CSS and removed unused CSS, Files and Code.

**4.0.3**

* Fix: Removed unused file.

**4.0.2**

* Fix: call\_user\_func\_array is resolved.

**4.0.1**

* Fix: Blank Page on Add Map is fixed.

**4.0.0**

* Improvement: New UI for Backend Pages and Forms.
* New: Ability to customize info window message using placeholder.
* New: Ability to show info window on click or mouseover.
* New: Set default marker icon for the map.

**3.2.0**

* Security Fix: Security vulnerablity is resolved.

**3.1.6**

* Improvement Fix: How to use plugin instruction added.

**3.1.5**

* Improvement Fix: CSS fixed for wordpress 4.6.

**3.1.4**

* Improvement Fix: Missing google maps api key notification added on location page.

**3.1.3**

* Fix: Indexed Warning is resolved in class.initial-core.php.

**3.1.2**

* Fix: XSS Vulnerability is resolved.

**3.1.1**

* Fix – Access level to WP\_List\_Table\_Helper::pagination() must be public.

**3.1.0**

* New – resize\_map() function is added to correct the grey map in tabs issue.
* Improvement – Remove directory reading functions.

**3.0.9**

* Multi-site bug resolved.

**3.0.5**

* Lang slug changed to wp-google-map-plugin as per wordpress.org requested.

**3.0.4**

* links in the info window is broken due to missing stripslashes function – resolved.

**3.0.3**

* wpgmp\_admin\_overview capability added to read how to use instructions.

**3.0.2**

* echo $before\_widget and $after\_widget added for correct widget output.

**3.0.1**

* Category icon broken issue resolved.
* Markers are not displaying on the map, issue resolved.
* Infowindow Message is not showing on marker click, issue resolved.

**3.0.0**

* Sanitize all inputs and outputs.
* New file & folder structure.
* Object oriented based coding according to wordpress standard coding rules.
* Clean bootstrap based design.
* Ability to show any number of google maps on a single map.
* Decide center latitude and longitude for each map.
* POV Heading and Pov Pitch for street view.
* Sub categories supported.
* Redirect to URL on marker click.
* City, State, Country and Postal code new fields in location form.
* Apply marker animation.
* Position google maps controls e.g Pan,Zoom,May Type with easy to use interface.

**2.3.10**

* CSRF Protection added on add/edit location.
* CSRF Protection added on add/edit map.
* CSRF Protection added on add/edit category.

**2.3.9**

* Display more than 10 locations on Manage Locations using Screen Options.
* Display more than 10 maps on Manage Categories using Screen Options.
* Display more than 10 categories on Manage Maps using Screen Options.
* SSL Supported.

**2.3.8**

* locations, maps and category was not showing on manage pages in wordpress 4.2 resolved.

**2.3.7**

* Improvement Fix: Fixed add\_query\_arg() and remove\_query\_arg() usage to avoid XSS Vulnerability.

**2.2.0**

* Twitter Bootstrap 3 Based.
* Solved Featured Image Problem.

**2.1.0**

* Infowindow CSS Improved.
* Optimized Code for Fast Map Experience.
* Solved Layer Display Problem.

**1.2.0**

* Zero Configuration Enabled.
* Managed Navigation.
* Custom Icon using Widget.

**1.1.0**

* Solved zoom toolbar bug.
* Solved white lines on the map.
* Added Widget Support.
* Added multiple maps on a page support.

CVE-2016-10878: WordPress Plugin for Google Maps – WP MAPS

The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.

CVE-2017-18508: 3CX Free Live Chat

The wp-database-backup plugin before 5.1.2 for WordPress has XSS.

*   Details
*   Reviews
*   Installation
*   Development

WP Database Backup plugin helps you to create Database Backup and Restore Database Backup easily on single click. Manual or Automated Database Backups And also store database backup on safe place- Dropbox,FTP,Email,Google drive, Amazon S3

**Features**

*   Create Database Backup  
    WP Database Backup plugin helps you to create Database Backup easily on single click.
*   Auto Backup  
    Backup automatically on a repeating **schedule**
*   Download backup file direct from your WordPress dashboard
*   Easy To Install(Very easy to use)  
    WP Database Backup is super easy to install.
*   Simple to configure(very less configuration), less than a minute.
*   Restore Database Backup  
    WP Database Backup plugin helps you to Restore Database Backup easily on single click.
*   Multiple storage destinations
*   Store database backup on safe place- **Dropbox, Google drive, Amazon s3,FTP,Email**
*   Reporting- Sends emailed backups and backup reports to any email addresses
*   **Exclude Table**
*   Database backup list pagination
*   Search and Replace in database backup file.
*   Search backup from list(Date/ Database Size)
*   Sort backup list (Date/ Database Size)
*   Save database backup file in zip format on local server And Send database backup file to destination in zip format
*   Documentation

**Support**

*   https://backupforwp.com/support

1.  Download the plugin file, unzip and place it in your wp-content/plugins/ folder. You can alternatively upload it via the WordPress plugin backend.
2.  Activate the plugin through the ‘Plugins’ menu in WordPress.
3.  WP Database Backup menu will appear in Dashboard->Backups. Click on it & get started to use.

**How to create database Backup?**

Follow the steps listed below to Create Database Backup

Create Backup:

1) Click on Create New Database Backup

2) Download Database Backup file.

**How to restore database backup?**

Restore Backup:

Click on Restore Database Backup

OR

1)Login to phpMyAdmin

2)Click Databases and select the database that you will be importing your data into.

3)Across the top of the screen will be a row of tabs. Click the Import tab.

4)On the next screen will be a location of text file box, and next to that a button named Browse.

5)Click Browse. Locate the backup file stored on your computer.

6)Click the Go button

**Always get an empty (0 bits) backup file?**

This is generally caused by an access denied problem.

You don’t have permission to write in the wp-content/uploads.

Please check if you have the read write permission on the folder.

**On Click Create New Database Backup it goes to blank page**

if the site is very large, it takes time to create the database backup. And if the server execution time is set to low value, you get go to blank page.  
There may be chance your server max execution time is 30 second. Please check debug log file.  
You will need to ask your hosting services to increase the execution time and the plugin will work fine for large data.  
You can also try to increase execution time. Please make below changes – Add below line

php.ini

max\_execution\_time = 180 ;

Also Please make sure that you have write permission to Backup folder and also check your log file.

**Want more features?**

If you want more features then please contact us at

Very good tool, it does its job as describe.

Easy to use UI and just does the job nicely ! Great Plugin 🙂

Great backup plugin with an overall great and useable interface.

I don't know why, but with Wordpress 5.9 this plugin is broken.

WP Database Backup is all that you need to make database backups. This is really an amazing plugin, probably the best plugin to back up a WordPress database. I really love the scheduling feature. Just a question, does it offer an API to schedule the backups using an external cron? It would be great if you can trigger the automatic backups using the cron of the server instead of the inbuilt WP cron. Because all the pages are served by server cache, I would prefer an external cron.

Does not restore the database. Had to restore it using phpmyadmin. Scheduler does not work as intended. Just keep taking hourly backups. You can't set it to twice daily or daily etc. Author does not respond to queries in support forum on time.

Read all 72 reviews

“WP Database Backup – Unlimited Database & Files Backup by Backup for WP” is open source software. The following people have contributed to this plugin.

Contributors

Tag

#php