SQL Injection Vulnerability in Geo Mashup Plugin for WordPress
CVE-2026-2416
7.5HIGH
What is CVE-2026-2416?
The Geo Mashup plugin for WordPress is susceptible to SQL Injection due to inadequate input sanitization on the 'sort' parameter. This vulnerability allows unauthenticated attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive database information. The issue exists in all versions up to and including 1.13.17 and requires immediate attention to prevent exploitation.
Affected Version(s)
Geo Mashup 0 <= 1.13.17