EIP-2026-113795

PRE-CVE

WordPress Plugin Google Map < 4.0.4 - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113795. PoCs published by defensecode.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in the WordPress Google Map Plugin via the 'order' and 'orderby' GET parameters. It includes crafted URLs with SQL payloads that leverage time-based and error-based injection techniques.

Description

WordPress Plugin Google Map < 4.0.4 - SQL Injection

Exploits (1)

exploitdb WORKING POC

by defensecode · textwebappsphp

https://www.exploit-db.com/exploits/44883

View Code ZIP pw:eip

The exploit demonstrates SQL injection vulnerabilities in the WordPress Google Map Plugin via the 'order' and 'orderby' GET parameters. It includes crafted URLs with SQL payloads that leverage time-based and error-based injection techniques.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: WordPress WP Google Map plugin < 4.0.4

Auth required

Prerequisites: Administrator or authorized user access to the plugin settings page

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026