PatchSiren cyber security CVE debrief
CVE-2026-39492 Flipper Code – WordPress Development Company CVE debrief
CVE-2026-39492 is a critical vulnerability in the WP Maps plugin for WordPress. The vulnerability is an unauthenticated SQL injection issue, which has been rated with a CVSS score of 9.3 and a severity of CRITICAL. It was published on June 15, 2026, at 21:16:44 UTC and modified at 21:24:32 UTC the same day.
- Vendor
- Flipper Code – WordPress Development Company
- Product
- WP Maps
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of the WP Maps plugin, particularly those using versions <= 4.9.1, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by an unauthenticated SQL injection issue in the WP Maps plugin. This could allow an attacker to execute arbitrary SQL queries, potentially leading to data breaches or other malicious activities.
Defensive priority
High
Recommended defensive actions
- Update the WP Maps plugin to a version that is not vulnerable (>= 4.9.2).
- Use a Web Application Firewall (WAF) to detect and prevent SQL injection attacks.
Evidence notes
The vulnerability was reported by Patchstack, as indicated by the reference link [ref-4].
Official resources
-
CVE-2026-39492 CVE record
CVE.org
-
CVE-2026-39492 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-39492 was published on June 15, 2026, at 21:16:44 UTC.