Review
WP Go Maps
CVE published 2026-06-15
CVE-2026-8386
The WP Go Maps WordPress plugin before version 10.0.10 has an information disclosure vulnerability. This vulnerability exists in its public single-marker REST endpoint, where it fails to perform approval-state filtering. As a result, unauthenticated users can retrieve marker records that have not been approved for public display by an administrator. This includes personally identifiable information (PII) [truncated]