CVE-2026-2580 in flippercode WP Maps Plugininformation

Résumé (Anglaise)

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Responsable

Wordfence

Réserver

16/02/2026

Divulgation

23/03/2026

Entrées

VulDB provides additional information and datapoints for this CVE:

ID	Vulnérabilité	CWE	Exp	Con	CVE
352473	flippercode WP Maps Plugin Parameter injection SQL	89	Non défini	Correctif officiel	CVE-2026-2580

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

◂ PrécédentAperçuSuivant ▸

Interested in the pricing of exploits?

See the underground prices here!