https://feed.craftedsignal.io/tags/cve-2026-2580/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 23 Mar 2026 00:16:51 +0000https://feed.craftedsignal.io/briefs/2024-01-wp-maps-sqli/Mon, 23 Mar 2026 00:16:51 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-wp-maps-sqli/The WP Maps WordPress plugin before version 4.9.2 is vulnerable to time-based SQL Injection via the 'orderby' parameter, allowing unauthenticated attackers to extract sensitive information from the database.The WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin for WordPress, a widely used plugin for integrating map functionality into WordPress sites, contains a critical time-based SQL Injection vulnerability. Assigned CVE-2026-2580, this flaw affects all versions up to and including 4.9.1. The vulnerability lies within the ‘orderby’ parameter, where insufficient input sanitization allows unauthenticated attackers to inject malicious SQL queries. By…

]]>highadvisorywordpresssqlicve-2026-2580web-application