What is CVE-2026-9757?

CVE-2026-9757 is a high-severity vulnerability in Ninjew Geo My Wp, classified under SQL Injection. CVSS score: 7.5/10. Published 2026-05-30.

How severe is CVE-2026-9757?

High severity. CVSS v3 base score is 7.5 out of 10.

SQL Injection in Ninjew Geo My Wp

CVE-2026-9757

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing Wor…

Vulnerability class: SQL Injection

EPSS: 0.001 (24.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Ninjew Geo My Wp — versions 0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com

Frequently asked questions

What is CVE-2026-9757?: CVE-2026-9757 is a high-severity vulnerability in Ninjew Geo My Wp, classified under SQL Injection. CVSS score: 7.5/10. Published 2026-05-30.
How severe is CVE-2026-9757?: High severity. CVSS v3 base score is 7.5 out of 10.