Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG mapsvg allows SQL Injection. This issue affects MapSVG: from n/a through < 8.7.4.
Published: 2025-08-14
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of special elements in an SQL command creates an injection flaw: attacker-supplied input is incorporated directly into database queries. The vulnerability is classified as CWE-89 and has a CVSS score of 9.3, indicating a high severity risk. Successful exploitation could let the attacker read, modify or delete database information, compromising data confidentiality and integrity.

Affected Systems

This flaw affects the RomanCode MapSVG WordPress plugin in all releases up to, but not including, version 8.7.4. Systems running any earlier version of the plugin are potentially exposed.

Risk and Exploitability

The EPSS score of < 1% indicates a low estimated likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires a request that contains crafted SQL fragments. Based on the description, the likely attack vector is a web request directed at the plugin’s endpoints, though this is inferred and not explicitly stated. The high CVSS score indicates that a successful exploit would severely affect the confidentiality and integrity of the underlying database.

Generated by OpenCVE AI on April 30, 2026 at 16:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the MapSVG plugin to version 8.7.4 or later.
  • If an immediate upgrade is not possible, disable or uninstall the plugin to block the vulnerable code.
  • As a temporary containment measure, configure web application firewall rules to block SQL injection patterns targeting the plugin’s endpoints.



Advisories
Source: EUVD
ID: EUVD-2025-24723
Title: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG allows SQL Injection. This issue affects MapSVG: from n/a through n/a.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG allows SQL Injection. This issue affects MapSVG: from n/a through n/a.
Values Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG mapsvg allows SQL Injection. This issue affects MapSVG: from n/a through < 8.7.4.
References
Metrics cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}


Sat, 16 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Mapsvg
Mapsvg mapsvg
Wordpress
Wordpress wordpress
Vendors & Products Mapsvg
Mapsvg mapsvg
Wordpress
Wordpress wordpress

Thu, 14 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Aug 2025 10:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG allows SQL Injection. This issue affects MapSVG: from n/a through n/a.
Title WordPress MapSVG Plugin < 8.7.4 - SQL Injection Vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T00:30:49.518Z

Reserved: 2025-07-28T10:55:38.572Z

Link: CVE-2025-54669

Vulnrichment

Updated: 2025-08-14T14:34:36.765Z

NVD

Status: Deferred

Published: 2025-08-14T11:15:45.107

Modified: 2026-04-23T15:32:47.437

Link: CVE-2025-54669

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T16:30:16Z

Weaknesses