cleantalk
Vulnerabilities and Security Researches

WordPress Plugin for Google Maps – WP MAPS, CVE-2026-6381

CVE, Research URL

CVE-2026-6381

Home page URL

Security reports for WordPress Plugin for Google Maps – WP MAPS

Application

WordPress Plugin for Google Maps – WP MAPS

Published on
May 18, 2026
Research Description
The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks.
Affected versions
max 4.9.3.
Status
vulnerable
Previous vulnerability researches
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2025-64635) , Jan 10, 2026
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2023-4841) , Jun 07, 2024
Feeds for YouTube (YouTube video, channel, and gallery plugin) (63d036bf8354801dd02167b4cc6a671f96fb03ce) , Jun 07, 2024
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2025-12002) , Jan 28, 2026
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2024-6256) , Jul 12, 2024
New vulnerability
The Ultimate Video Player For WordPress – by Presto Player (CVE-2026-45442) , May 19, 2026
WP Learn Manager (CVE-2021-47975) , May 19, 2026
Autoptimize (CVE-2026-3220) , May 19, 2026
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2026-1631) , May 19, 2026
WordPress Plugin for Google Maps – WP MAPS (CVE-2026-6381) , May 19, 2026