Skip to main content

Geo Mashup CVE-2026-48967

| EUVDEUVD-2026-37612 HIGH
SQL Injection (CWE-89)
2026-06-17 Patchstack
8.5
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
8.5 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
vuln.today AI
8.5 HIGH

Network-reachable WordPress endpoint, low complexity, requires Subscriber auth (PR:L), no user interaction; SQLi reads cross-component data (Scope:Changed, C:H) with no integrity write and limited availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 12:08 vuln.today

DescriptionCVE.org

Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.

AnalysisAI

SQL injection in the Geo Mashup WordPress plugin (versions <= 1.13.19) allows authenticated users with Subscriber-level privileges to inject arbitrary SQL queries via unsanitized input, leading to confidentiality compromise and limited availability impact across other WordPress components. No public exploit identified at time of analysis, but the low privilege barrier (any registered subscriber) on a widely-deployed plugin class makes this a meaningful risk for WordPress sites with open registration. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Register Subscriber account on target WordPress
Delivery
Authenticate to vulnerable Geo Mashup endpoint
Exploit
Inject SQL payload via plugin parameter
Execution
Exfiltrate wp_users hashes and wp_options secrets
Persist
Crack admin hash offline
Impact
Pivot to administrator account takeover

Vulnerability AssessmentAI

Exploitation Requires (1) the Geo Mashup plugin version 1.13.19 or earlier installed and activated on a WordPress site, and (2) the attacker holding at least a WordPress Subscriber-level authenticated session (PR:L per CVSS vector) - achievable on any site permitting user registration (comments, WooCommerce customers, membership sites, BuddyPress, etc.). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L) yields 8.5 (High), driven primarily by the Scope:Changed and Confidentiality:High metrics - typical of SQLi that can read wp_users password hashes and secrets across the WordPress database. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers a free Subscriber account on a WordPress site that has Geo Mashup <= 1.13.19 installed and open registration enabled, then sends a crafted request to a vulnerable Geo Mashup endpoint with SQL payload embedded in a parameter. The injected query exfiltrates contents of wp_users (including password hashes), wp_options (including site secrets and API keys), and potentially session tokens, which the attacker then cracks offline or uses to pivot to administrative access.
Remediation Upgrade Geo Mashup to a version newer than 1.13.19 as released by the maintainer - consult the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/geo-mashup/vulnerability/wordpress-geo-mashup-plugin-1-13-19-sql-injection-vulnerability for the exact patched version, as no vendor-released patch version was identified at time of analysis in the input. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all WordPress instances running Geo Mashup plugin ≤1.13.19 and document whether public subscriber registration is enabled. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-48967 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy