What is the CVSS score of CVE-2026-8385?

CVE-2026-8385 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.1%.

Is there a public PoC exploit available for CVE-2026-8385?

Yes, a public proof-of-concept exploit is available for CVE-2026-8385. Prioritise patching immediately. EPSS: 0.1%.

Is there a patch available for CVE-2026-8385?

Yes, a patch is available for CVE-2026-8385. Update the affected software to the latest version immediately.

Wp Go Maps CVE-2026-8385

EUVD-2026-36697 MEDIUM

Information Exposure (CWE-200)

2026-06-15 WPScan

GHSA-f9fr-2hr3-67mf

WordPress Information Disclosure Wp Go Maps

5.3

CVSS 3.1 · Vendor: WPScan

Severity by source

Vendor (WPScan) PRIMARY

5.3 MEDIUM

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from Vendor (WPScan) · only source for this CVE.

CVSS VectorVendor: WPScan

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch available

Jun 15, 2026 - 09:01 EUVD

CVE Published

Jun 15, 2026 - 06:00 cve.org

UNKNOWN (no severity yet)

DescriptionCVE.org

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title, category, address and description fields.