CVE-2026-2416

Name of the Vulnerable Software and Affected Versions Geo Mashup versions prior to 1.13.18

Description The Geo Mashup plugin for WordPress is susceptible to SQL Injection through the sort parameter. Insufficient input sanitization and inadequate SQL query preparation allow attackers to inject additional SQL queries into existing ones. This can lead to the extraction of sensitive information from the database. The issue affects unauthenticated users.

Recommendations Update to version 1.13.18 or later.