SQL Injection Vulnerability in Geo Mashup Plugin by WordPress
CVE-2026-48967

8.5HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
17 June 2026

What is CVE-2026-48967?

The Geo Mashup plugin for WordPress contains a SQL Injection vulnerability that affects versions up to 1.13.19. This vulnerability allows attackers to manipulate SQL queries by injecting malicious code, which can lead to unauthorized access to sensitive data or perform unintended operations on the database. It is crucial for users of this plugin to apply necessary security patches or update to a secure version to mitigate potential risks.

Affected Version(s)

Geo Mashup <= 1.13.19

References

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Baikuya | Patchstack Bug Bounty Program
.