Skip to main content

Wp Go Maps Google Map Openstreetmap Leaflet Map

1 CVEs product

Monthly

CVE-2026-12238 MEDIUM This Month

Authorization bypass in the WP Go Maps WordPress plugin (all versions up to and including 10.1.01) permits unauthenticated remote attackers to insert arbitrary records into plugin-managed database tables - maps, markers, circles, polygons, polylines, rectangles, and point labels - by exploiting a race condition between namespace validation and query execution in the plugin's REST API. The flaw exists because the WPGMZA prefix check in the phpClass parameter validation passes for legitimate plugin classes such as WPGMZA\Map and WPGMZA\Marker, which trigger a SQL INSERT into the corresponding table before the route rejects the request. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the unauthenticated network vector and low attack complexity make it trivially abusable against the wide WordPress install base.

Authentication Bypass WordPress Wp Go Maps Google Map Openstreetmap Leaflet Map
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM This Month

Authorization bypass in the WP Go Maps WordPress plugin (all versions up to and including 10.1.01) permits unauthenticated remote attackers to insert arbitrary records into plugin-managed database tables - maps, markers, circles, polygons, polylines, rectangles, and point labels - by exploiting a race condition between namespace validation and query execution in the plugin's REST API. The flaw exists because the WPGMZA prefix check in the phpClass parameter validation passes for legitimate plugin classes such as WPGMZA\Map and WPGMZA\Marker, which trigger a SQL INSERT into the corresponding table before the route rejects the request. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the unauthenticated network vector and low attack complexity make it trivially abusable against the wide WordPress install base.

Authentication Bypass WordPress Wp Go Maps Google Map Openstreetmap Leaflet Map
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy