Geo Mashup — Vulnerabilities & Security Advisories 12

All 12 CVE vulnerabilities found in Geo Mashup, with AI-generated Chinese analysis, references, and POCs.

Vendor: Dylan Kuhn

CVE ID	Title	CVSS	Severity	Published
CVE-2026-48967	WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability CWE-89	8.5	High	2026-06-17
CVE-2026-7552	Geo Mashup <= 1.13.19 - Missing Authorization to Unauthenticated Plugin Settings Disclosure via 'geo_mashup_content' Parameter CWE-862	5.3	Medium	2026-05-28
CVE-2026-42734	WordPress Geo Mashup plugin <= 1.13.19 - Cross Site Scripting (XSS) vulnerability CWE-79	7.1	High	2026-05-27
CVE-2026-27427	WordPress Geo Mashup plugin <= 1.13.18 - Cross Site Scripting (XSS) vulnerability CWE-79	6.5	Medium	2026-05-26
CVE-2026-4061	Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'map_post_type' Parameter CWE-89	7.5	High	2026-05-02
CVE-2026-4062	Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'object_ids' Parameter CWE-89	7.5	High	2026-05-02
CVE-2026-4060	Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'sort' Parameter CWE-89	7.5	High	2026-05-02
CVE-2026-6457	Geo Mashup <= 1.13.19 - Authenticated (Subscriber+) SQL Injection via 'geo_mashup_null_fields' Parameter CWE-89	6.5	Medium	2026-05-02
CVE-2026-2416	Geo Mashup <= 1.13.17 - Unauthenticated SQL Injection via 'sort' Parameter CWE-89	7.5	High	2026-02-25
CVE-2025-48293	WordPress Geo Mashup plugin <= 1.13.16 - Local File Inclusion vulnerability CWE-98	9.8	Critical	2025-08-14
CVE-2024-8990	Geo Mashup <= 1.13.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via geo_mashup_visible_posts_list Shortcode CWE-79	6.4	Medium	2024-10-01
CVE-2024-44008	WordPress Geo Mashup plugin <= 1.13.12 - Cross Site Scripting (XSS) vulnerability CWE-79	6.5	Medium	2024-09-17

All 12 known CVE vulnerabilities affecting Geo Mashup with full Chinese analysis, references, and POCs where available.