{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-2580/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["wordpress","sqli","cve-2026-2580","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory \u0026amp; Filters plugin for WordPress, a widely used plugin for integrating map functionality into WordPress sites, contains a critical time-based SQL Injection vulnerability. Assigned CVE-2026-2580, this flaw affects all versions up to and including 4.9.1. The vulnerability lies within the \u0026lsquo;orderby\u0026rsquo; parameter, where insufficient input sanitization allows unauthenticated attackers to inject malicious SQL queries. By…\u003c/p\u003e\n","date_modified":"2026-03-23T00:16:51Z","date_published":"2026-03-23T00:16:51Z","id":"/briefs/2024-01-wp-maps-sqli/","summary":"The WP Maps WordPress plugin before version 4.9.2 is vulnerable to time-based SQL Injection via the 'orderby' parameter, allowing unauthenticated attackers to extract sensitive information from the database.","title":"WP Maps WordPress Plugin Time-Based SQL Injection Vulnerability (CVE-2026-2580)","url":"https://feed.craftedsignal.io/briefs/2024-01-wp-maps-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-2580","version":"https://jsonfeed.org/version/1.1"}