Cyberhobo Geo Mashup
9 CVEs affecting Cyberhobo Geo Mashup. Latest disclosed: 2026-05-28. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-4062 | High | 7.5 | 2026-05-02 | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, a… |
CVE-2026-4061 | High | 7.5 | 2026-05-02 | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18… |
CVE-2026-4060 | High | 7.5 | 2026-05-02 | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is d… |
CVE-2026-2416 | High | 7.5 | 2026-02-25 | The Geo Mashup plugin for WordPress is vulnerable to SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.17. This is due to insuf… |
CVE-2026-6457 | Medium | 6.5 | 2026-05-02 | The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and inclu… |
CVE-2024-8990 | Medium | 6.4 | 2024-10-01 | The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to… |
CVE-2022-4974 | Medium | 6.3 | 2024-10-16 | The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to… |
CVE-2024-13362 | Medium | 6.1 | 2026-05-01 | Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient inp… |
CVE-2026-7552 | Medium | 5.3 | 2026-05-28 | The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly… |