EUVD-2026-36943

🗓️ 15 Jun 2026 21:30:44Reported by EUVDType

Unauthenticated SQL injection in WP Maps versions up to 4.9.1.

Reporter	Title	Published	Views	Family All 5
CVE	CVE-2026-39492	15 Jun 202620:17	–	cve
Cvelist	CVE-2026-39492 WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability	15 Jun 202620:17	–	cvelist
NVD	CVE-2026-39492	15 Jun 202621:16	–	nvd
Patchstack	WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability	8 Apr 202610:54	–	patchstack
Positive Technologies	PT-2026-49384	15 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "3b36641b-01a7-3c8f-9798-d8895d161d58",
        "vendor": {
          "name": "Flipper Code – WordPress Development Company"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2da33b50-b699-3b0e-8eea-b7947c151a2a",
        "product": {
          "name": "WP Maps",
          "vendor": {
            "name": "WePlugins - WordPress Development Company"
          }
        },
        "product_version": "n/a ≤4.9.1"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/wordpress/plugin/wp-google-map-plugin/vulnerability/wordpress-wp-maps-plugin-4-9-1-sql-injection-vulnerability
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-39492

15 Jun 2026 21:30Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.19.3