WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure...

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address and description fields and the marker's geographic coordinates.

Basic Information

ID CVE-2026-8386

Source WPScan

Published Jun 15, 2026 at 06:00

Modified Jun 15, 2026 at 16:44

Affected Product

Vendor Unknown

Product WP Go Maps

Affected Versions Unknown WP Go Maps 0

CWE Classification

References

wpscan.com /vulnerability/fa7f5cb0-abe2-4079-9290-e0e4dc89f27f/

{
    "lastseen": "",
    "description": "The WP Go Maps  WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address and description fields and the marker's geographic coordinates.",
    "published": "2026-06-15T06:00:02.121Z",
    "modified": "2026-06-15T16:44:33.201Z",
    "type": "cve",
    "title": "WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Marker ID",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/fa7f5cb0-abe2-4079-9290-e0e4dc89f27f/",
    "id": "CVE-2026-8386",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown WP Go Maps 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WP Go Maps",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Marker ID_CVE-2026-8386