A critical SQL injection vulnerability in the Geo Mashup plugin permits authenticated subscribers to compromise the underlying database, posing a high risk to data integrity.

The vulnerability exists due to improper input sanitization in the plugin's database queries. An authenticated user with subscriber-level permissions can inject malicious SQL code to manipulate or exfiltrate database contents.

Successful exploitation of this flaw could lead to unauthorized access to sensitive site data, including user credentials and configuration details. Given the CVSS score of 8.5, this high-severity vulnerability poses a significant threat to data confidentiality and could result in full database compromise or site defacement.

Immediate Action: Identify and update the Geo Mashup plugin to the latest version provided by the vendor.

Proactive Monitoring: Monitor database query logs for anomalous patterns or unauthorized access attempts originating from low-privileged subscriber accounts.

Compensating Controls: Deploy a Web Application Firewall (WAF) with updated rulesets to detect and block common SQL injection patterns targeting the WordPress environment.

Public Exploit Available: false

Organizations utilizing the Geo Mashup plugin must prioritize patching to prevent unauthorized database access. Security teams should audit subscriber-level permissions and ensure that vendor updates are applied immediately to mitigate this high-severity risk.