CVE-2026-2416
- EPSS 0.09%
- Veröffentlicht 25.02.2026 08:25:31
- Zuletzt bearbeitet 25.02.2026 14:15:29
The Geo Mashup plugin for WordPress is vulnerable to SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.17. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the e...
CVE-2024-8990
- EPSS 0.36%
- Veröffentlicht 01.10.2024 08:15:05
- Zuletzt bearbeitet 04.10.2024 13:51:25
The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user...
CVE-2024-44008
- EPSS 0.38%
- Veröffentlicht 17.09.2024 23:15:19
- Zuletzt bearbeitet 24.09.2024 22:08:01
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS.This issue affects Geo Mashup: from n/a through 1.13.12.
CVE-2018-14071
- EPSS 1.47%
- Veröffentlicht 16.07.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:48:34
The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.
CVE-2015-1383
- EPSS 0.47%
- Veröffentlicht 02.02.2015 15:59:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key.