Authorization Bypass in Basic Google Maps Placemarks Plugin for WordPress
CVE-2026-3581

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Basic Google Maps Placemarks
Vendor: CVE Published:; 16 April 2026

What is CVE-2026-3581?

The Basic Google Maps Placemarks plugin for WordPress suffers from an authorization bypass vulnerability that enables unauthenticated attackers to alter stored map settings, including latitude and longitude parameters. This flaw arises from the plugin failing to adequately verify user permissions before permitting actions, potentially leading to unauthorized modifications and security risks for users relying on this functionality.

Affected Version(s)

Basic Google Maps Placemarks 0 <= 1.10.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3495944/basi...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Mar 5, 2026

Credit

Chawabhon Netisingha

CVE-2026-3581 Data

JSON