A high-severity SQL injection vulnerability, rated 8.5 CVSS, was disclosed on June 17, 2026, in the Geo Mashup WordPress plugin versions up to 1.13.19. This vulnerability allows subscribers to inject malicious SQL code, potentially leading to data breaches and unauthorized access. The vulnerability was reported by Patchstack and is tracked as CVE-2026-48967. Users of the affected plugin should take immedi [truncated]
A stored cross-site scripting (XSS) vulnerability exists in the Geo Mashup WordPress plugin, affecting versions up to and including 1.13.18. The flaw stems from improper neutralization of input during web page generation (CWE-79), allowing authenticated attackers with low privileges to inject malicious scripts that execute in victims' browsers. The vulnerability was disclosed on May 26, 2026, with NVD ana [truncated]