Cyberhobo

Geo Mashup

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-7552

  • EPSS 0.33%
  • Veröffentlicht 28.05.2026 06:45:40
  • Zuletzt bearbeitet 28.05.2026 13:45:25

The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unaut...

7.5

CVE-2026-4061

  • EPSS 0.31%
  • Veröffentlicht 02.05.2026 11:16:10
  • Zuletzt bearbeitet 05.05.2026 19:15:34

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook explicitly calling `stripslashes_deep($_POST)` whic...

7.5

CVE-2026-4062

  • EPSS 0.33%
  • Veröffentlicht 02.05.2026 11:16:10
  • Zuletzt bearbeitet 05.05.2026 19:15:34

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters...

7.5

CVE-2026-4060

  • EPSS 0.3%
  • Veröffentlicht 02.05.2026 11:16:09
  • Zuletzt bearbeitet 05.05.2026 19:15:34

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

6.5

CVE-2026-6457

  • EPSS 0.37%
  • Veröffentlicht 02.05.2026 07:46:41
  • Zuletzt bearbeitet 05.05.2026 19:15:59

The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of suffi...

7.5

CVE-2026-2416

  • EPSS 1.39%
  • Veröffentlicht 25.02.2026 08:25:31
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Geo Mashup plugin for WordPress is vulnerable to SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.17. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the e...

6.4

CVE-2024-8990

  • EPSS 0.38%
  • Veröffentlicht 01.10.2024 08:15:05
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user...

5.4

CVE-2024-44008

  • EPSS 0.3%
  • Veröffentlicht 17.09.2024 23:15:19
  • Zuletzt bearbeitet 23.04.2026 15:18:58

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Stored XSS.This issue affects Geo Mashup: from n/a through <= 1.13.12.

9.8

CVE-2018-14071

Exploit
  • EPSS 3.05%
  • Veröffentlicht 16.07.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:34

The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.

4.3

CVE-2015-1383

  • EPSS 1.96%
  • Veröffentlicht 02.02.2015 15:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key.