6 matches found
CVE-2026-4061
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...
EUVD-2026-26779
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...
PT-2026-36607
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map post type' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashes deep$ POST which removes WordPress magic quotes protection, followed...
CVE-2015-1383
Cross-site scripting XSS vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key...
CVE-2015-1383
CVE-2015-1383 concerns the WordPress Geo Mashup plugin (versions prior to 1.8.3). The vulnerability is a Cross‑Site Scripting (XSS) flaw in the plugin’s geo search widget, where the input from the user’s search key is not properly sanitized, allowing an attacker to inject arbitrary scripts into t...
PT-2015-5256 · WordPress · Geo Mashup
Name of the Vulnerable Software and Affected Versions: Geo Mashup plugin versions prior to 1.8.3 Description: The issue is related to a cross-site scripting XSS vulnerability in the geo search widget of the Geo Mashup plugin for WordPress. This vulnerability allows remote attackers to inject...