VYPR

Geo Mashup

by WordPress

Source repositories

CVEs (13)

  • CVE-2025-48293CriAug 14, 2025
    risk 0.64cvss 9.8epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows PHP Local File Inclusion.This issue affects Geo Mashup: from n/a through <= 1.13.16.

  • CVE-2018-14071CriJul 16, 2018
    risk 0.57cvss 9.8epss 0.03

    The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.

  • CVE-2026-42734HigMay 27, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Reflected XSS.This issue affects Geo Mashup: from n/a through <= 1.13.19.

  • CVE-2026-2416HigFeb 25, 2026
    risk 0.43cvss 7.5epss 0.01

    The Geo Mashup plugin for WordPress is vulnerable to SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.17. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes…

  • CVE-2026-27427MedMay 26, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18.

  • CVE-2026-4062HigMay 2, 2026
    risk 0.42cvss 7.5epss 0.00

    The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient…

  • CVE-2026-4061HigMay 2, 2026
    risk 0.42cvss 7.5epss 0.00

    The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook explicitly calling `stripslashes_deep($_POST)` which removes WordPress magic…

  • CVE-2026-4060HigMay 2, 2026
    risk 0.42cvss 7.5epss 0.00

    The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.…

  • CVE-2026-6457MedMay 2, 2026
    risk 0.35cvss 6.5epss 0.00

    The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the…

  • CVE-2024-8990MedOct 1, 2024
    risk 0.35cvss 6.4epss 0.00

    The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2026-7552MedMay 28, 2026
    risk 0.27cvss 5.3epss 0.00

    The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to…

  • CVE-2026-48967Jun 17, 2026
    risk 0.00cvss epss 0.00

    Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.

  • CVE-2015-1383Feb 2, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key.