WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure...

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title, category, address and description fields.

Basic Information

ID CVE-2026-8385

Source WPScan

Published Jun 15, 2026 at 06:00

Modified Jun 15, 2026 at 12:37

Affected Product

Vendor Unknown

Product WP Go Maps

Affected Versions Unknown WP Go Maps 0

CWE Classification

CWE-200

References

wpscan.com /vulnerability/984cad38-6d01-4956-8bf1-29585258780b/

{
    "lastseen": "",
    "description": "The WP Go Maps  WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title, category, address and description fields.",
    "published": "2026-06-15T06:00:01.881Z",
    "modified": "2026-06-15T12:37:31.988Z",
    "type": "cve",
    "title": "WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Datatables AJAX Fallback",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/984cad38-6d01-4956-8bf1-29585258780b/",
    "id": "CVE-2026-8385",
    "bulletinFamily": "",
    "cwe": [
        "",
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "Unknown WP Go Maps 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WP Go Maps",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Datatables AJAX Fallback_CVE-2026-8385