cleantalk
Vulnerabilities and Security Researches

WordPress Plugin for Google Maps – WP MAPS, CVE-2026-6381

CVE, Research URL

CVE-2026-6381

Home page URL

Security reports for WordPress Plugin for Google Maps – WP MAPS

Application

WordPress Plugin for Google Maps – WP MAPS

Published on
May 18, 2026
Research Description
The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks.
Affected versions
max 4.9.3.
Status
vulnerable
Previous vulnerability researches
AI Moderator for BuddyPress (c5199662169f8022d0a0bdb6a709c2dd4e56fd11) , Jun 07, 2024
New vulnerability
WP Learn Manager (CVE-2021-47975) , May 19, 2026
Autoptimize (CVE-2026-3220) , May 19, 2026
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2026-1631) , May 19, 2026
WordPress Plugin for Google Maps – WP MAPS (CVE-2026-6381) , May 19, 2026
BuddyPress (CVE-2020-37233) , May 19, 2026