cleantalk
Vulnerabilities and Security Researches

WordPress Plugin for Google Maps – WP MAPS, CVE-2026-6381

CVE, Research URL

CVE-2026-6381

Home page URL

Security reports for WordPress Plugin for Google Maps – WP MAPS

Application

WordPress Plugin for Google Maps – WP MAPS

Published on
May 18, 2026
Research Description
The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks.
Affected versions
max 4.9.3.
Status
vulnerable
Previous vulnerability researches
WP Learn Manager (CVE-2021-47975) , May 19, 2026
WP Learn Manager (CVE-2021-24504) , Jun 10, 2024
New vulnerability
WP Photo Album Plus (CVE-2026-6379) , May 20, 2026
The Ultimate Video Player For WordPress – by Presto Player (CVE-2026-45442) , May 19, 2026
WP Learn Manager (CVE-2021-47975) , May 19, 2026
Autoptimize (CVE-2026-3220) , May 19, 2026
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2026-1631) , May 19, 2026