The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing wp_magic_quotes, which...
cve-2026-15300cybersecurityescape-functiongeo-my-wp-plugininformation-securitynumeric-validationnvd-cvephp