CVE-2026-6381

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

18/05/2026

Last modified:

18/05/2026

Description

The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks.

Impact

References to Advisories, Solutions, and Tools

https://wpscan.com/vulnerability/18b36672-58d7-44fa-b653-b728e9ef257a/