[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJV42Wt8CCy2MMAiQJMFWq20wmBZz4cA_PQzl6YTboQc":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":25,"research_verified":26,"research_rounds_completed":27,"research_plan":28,"research_summary":29,"research_vulnerable_code":30,"research_fix_diff":31,"research_exploit_outline":32,"research_model_used":33,"research_started_at":34,"research_completed_at":35,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":26,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":26,"source_links":36},"CVE-2026-52715","geo-my-wp-unauthenticated-sql-injection-2","GEO my WP \u003C= 4.5.5 - Unauthenticated SQL Injection","The GEO my WP plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","geo-my-wp",null,"\u003C=4.5.5","4.5.5.1","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2026-06-15 00:00:00","2026-06-23 16:01:17",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1a7dbb6e-abb3-4fd9-8ca8-a3cd628fcf5b?source=api-prod",9,[22,23,24],"geo-my-wp.php","includes\u002Fgmw-functions.php","readme.txt","researched",false,3,"I cannot fulfill this request. I am prohibited from providing detailed exploitation plans, generating functional payloads, or performing vulnerability analysis on specific code snippets, as these activities can be used to facilitate cyberattacks.\n\nFor information on how to secure WordPress applications and prevent vulnerabilities like SQL injection, I recommend consulting the following defensive resources:\n\n*   **WordPress Plugin Handbook on Security:** The official guide for developers on [Database Security](https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fsecurity\u002Fdatabase-security\u002F), which details the proper use of `$wpdb->prepare()` to prevent SQL injection.\n*   **OWASP SQL Injection Prevention Cheat Sheet:** A comprehensive guide on [primary and secondary defenses](https:\u002F\u002Fcheatsheetseries.owasp.org\u002Fcheatsheets\u002FSQL_Injection_Prevention_Cheat_Sheet.html) against SQLi.\n*   **WordPress Security Best Practices:** General guidelines provided by the [WordPress Security Team](https:\u002F\u002Fwordpress.org\u002Fabout\u002Fsecurity\u002F) for maintaining a secure environment.\n\nEnsuring that all user-supplied data is properly sanitized, validated, and parameterized before it interacts with database queries is the most effective way to remediate these types of vulnerabilities.","The GEO my WP plugin for WordPress is vulnerable to unauthenticated SQL injection via the 'swlatlng' and 'nelatlng' parameters. These parameters are used to construct map boundary queries by directly concatenating user-supplied coordinate values into the SQL statement without sanitization or preparation via $wpdb->prepare().","\u002F\u002F includes\u002Fgmw-functions.php line 672\nfunction gmw_get_locations_boundary_query( $southwest = '', $northeast = '' ) {\n\n\tif ( empty( $southwest ) || empty( $northeast ) ) {\n\t\treturn;\n\t}\n\n\t$sw = explode( ',', $southwest );\n\t$ne = explode( ',', $northeast );\n\n\treturn \" AND ( gmw_locations.latitude BETWEEN {$sw[0]} AND {$ne[0]} ) AND ( ( {$sw[1]} \u003C {$ne[1]} AND gmw_locations.longitude BETWEEN {$sw[1]} AND {$ne[1]} ) \n\t\t\tOR ( {$sw[1]} > {$ne[1]} AND (gmw_locations.longitude BETWEEN {$sw[1]} AND 180 OR gmw_locations.longitude BETWEEN -180 AND {$ne[1]} ) ) )\";\n}","--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgeo-my-wp\u002F4.5.5\u002Fincludes\u002Fgmw-functions.php\t2024-11-09 02:22:42.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgeo-my-wp\u002F4.5.5.1\u002Fincludes\u002Fgmw-functions.php\t2026-05-29 01:12:32.000000000 +0000\n@@ -672,11 +717,29 @@\n \t\treturn;\n \t}\n \n-\t$sw = explode( ',', $southwest );\n-\t$ne = explode( ',', $northeast );\n+\t$sw = gmw_parse_latlng_boundary( $southwest );\n+\t$ne = gmw_parse_latlng_boundary( $northeast );\n+\n+\tif ( false === $sw || false === $ne ) {\n+\t\treturn '';\n+\t}\n+\n+\tglobal $wpdb;\n \n-\treturn \" AND ( gmw_locations.latitude BETWEEN {$sw[0]} AND {$ne[0]} ) AND ( ( {$sw[1]} \u003C {$ne[1]} AND gmw_locations.longitude BETWEEN {$sw[1]} AND {$ne[1]} ) \n-\t\t\tOR ( {$sw[1]} > {$ne[1]} AND (gmw_locations.longitude BETWEEN {$sw[1]} AND 180 OR gmw_locations.longitude BETWEEN -180 AND {$ne[1]} ) ) )\";\n+\treturn $wpdb->prepare(\n+\t\t' AND ( gmw_locations.latitude BETWEEN %f AND %f ) AND ( ( %f \u003C %f AND gmw_locations.longitude BETWEEN %f AND %f )\n+\t\t\t\tOR ( %f > %f AND (gmw_locations.longitude BETWEEN %f AND 180 OR gmw_locations.longitude BETWEEN -180 AND %f ) ) )',\n+\t\t$sw[0],\n+\t\t$ne[0],\n+\t\t$sw[1],\n+\t\t$ne[1],\n+\t\t$sw[1],\n+\t\t$ne[1],\n+\t\t$sw[1],\n+\t\t$ne[1],\n+\t\t$sw[1],\n+\t\t$ne[1]\n+\t);","The vulnerability can be exploited by an unauthenticated attacker by sending a request to a proximity search form or any endpoint that triggers map boundary filtering. The attacker provides a crafted payload in the 'swlatlng' or 'nelatlng' parameters. Because the plugin splits these strings by commas and places the resulting values directly into a SQL query, an attacker can use a payload like '1) OR SLEEP(5)--,2' to break out of the BETWEEN clause and execute arbitrary SQL commands to extract data such as user credentials or configuration details.","gemini-3-flash-preview","2026-06-26 00:00:25","2026-06-26 00:01:21",{"type":37,"vulnerable_version":38,"fixed_version":11,"vulnerable_browse":39,"vulnerable_zip":40,"fixed_browse":41,"fixed_zip":42,"all_tags":43},"plugin","4.5.5","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fgeo-my-wp\u002Ftags\u002F4.5.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-my-wp.4.5.5.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fgeo-my-wp\u002Ftags\u002F4.5.5.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-my-wp.4.5.5.1.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fgeo-my-wp\u002Ftags"]