Geo Mashup
by Cyberhobo
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-48293 | Cri | 0.64 | 9.8 | 0.00 | Aug 14, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows PHP Local File Inclusion.This issue affects Geo Mashup: from n/a through <= 1.13.16. | ||
| CVE-2026-6457 | Med | 0.35 | 6.5 | 0.00 | May 2, 2026 | The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the… | ||
| CVE-2024-44008 | Med | 0.35 | 6.5 | 0.00 | Sep 17, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Stored XSS.This issue affects Geo Mashup: from n/a through <= 1.13.12. | ||
| CVE-2015-1383 | 0.00 | — | 0.02 | Feb 2, 2015 | Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key. |
- risk 0.64cvss 9.8epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows PHP Local File Inclusion.This issue affects Geo Mashup: from n/a through <= 1.13.16.
- risk 0.35cvss 6.5epss 0.00
The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the…
- risk 0.35cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Stored XSS.This issue affects Geo Mashup: from n/a through <= 1.13.12.
- CVE-2015-1383Feb 2, 2015risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key.