CVE-2026-6381

HIGH 7.5

WP Maps < 4.9.3 - Subscriber+ Local File Inclusion

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

8th

The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks.

Vendor	unknown
Product	wp maps
Published	May 18, 2026
Last Updated	May 18, 2026

Stay Ahead of the Next One

Get instant alerts for unknown wp maps

Be the first to know when new high vulnerabilities affecting unknown wp maps are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / WP Maps

0 < 4.9.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/18b36672-58d7-44fa-b653-b728e9ef257a/

Credits

Mustafa Ahmed WPScan