Product
An unauthenticated attacker can exploit CVE-2026-6230, a time-based blind SQL Injection vulnerability in the Tainacan plugin for WordPress (versions up to and including 1.0.3) via the 'geoquery' parameter, to append arbitrary SQL queries and exfiltrate sensitive information from the database due to insufficient input validation.