CVE-2026-7552

The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to expose sensitive plugin...

EUVD-2026-32734

The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to expose sensitive plugin...

CVE-2026-7552 Geo Mashup <= 1.13.19 - Missing Authorization to Unauthenticated Plugin Settings Disclosure via 'geo_mashup_content' Parameter

The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to expose sensitive plugin...

PT-2026-44201

The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to expose sensitive plugin...

WordPress WP GeoNames plugin <= 1.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin WP GeoNames versions = 1.9.0.1...

EUVD-2024-34186

Malicious code in bioql PyPI...

EUVD-2024-52144

Malicious code in bioql PyPI...

CVE-2024-53812

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jacques Malgrange WP GeoNames wp-geonames allows Reflected XSS.This issue affects WP GeoNames: from n/a through = 1.8...

CVE-2024-11757 WP GeoNames <= 1.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode in all versions up to, and including, 1.9.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-11757

CVE-2024-11757 affects the WordPress plugin WP GeoNames (vulnerable through the wp-geonames shortcode). The issue is Stored XSS caused by insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-level access (and above) to ...

CVE-2024-11757 WP GeoNames <= 1.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode in all versions up to, and including, 1.9.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress plugin WP GeoNames 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site...

PT-2024-17235 · WordPress · Wp Geonames

Name of the Vulnerable Software and Affected Versions: WP GeoNames plugin for WordPress versions up to, and including, 1.9.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode due to insufficient input sanitization and output escaping on...

CVE-2024-53812

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jacques Malgrange WP GeoNames wp-geonames allows Reflected XSS.This issue affects WP GeoNames: from n/a through = 1.8...

CVE-2024-53812

CVE-2024-53812 is a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress WP GeoNames plugin (versions 1.8 and earlier). Connected sources confirm the issue arises from improper input neutralization during web page generation and allows Reflected XSS. Affected software is WP GeoNames (

CVE-2024-53812 WordPress WP GeoNames plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jacques Malgrange WP GeoNames wp-geonames allows Reflected XSS.This issue affects WP GeoNames: from n/a through = 1.8...

CVE-2024-53812 WordPress WP GeoNames plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jacques Malgrange WP GeoNames allows Reflected XSS.This issue affects WP GeoNames: from n/a through 1.8...

PT-2024-35927 · WordPress · Wp Geonames

Name of the Vulnerable Software and Affected Versions: WP GeoNames versions 1.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For WP GeoNames version...

WordPress plugin WP GeoNames 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

WordPress WP GeoNames plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin WP GeoNames versions = 1.8...