Geo Mashup

Vulnerabilities 16Slug geo-mashupLatest version 1.13.21WordPress.org →

Minimum safe version

1.13.20

Update to 1.13.20 or later to address 16 fixable vulnerabilities

Latest available1.13.21 ✓

High 7.5

2026-05-02< 1.13.19

CVE-2026-4060

CVE EUVD Wordfence

Medium 6.5

2026-05-02< 1.13.20

CVE-2026-6457

CVE EUVD Wordfence

High 7.5

2026-05-02< 1.13.19

CVE-2026-4061

CVE EUVD Wordfence

High 7.5

2026-05-02< 1.13.19

CVE-2026-4062

CVE EUVD Wordfence

Medium 6.1

2026-05-01< 1.13.16

CVE-2024-13362

CVE Wordfence

N/A

2026-02-24< 1.13.18

Geo Mashup <= 1.13.17 - Unauthenticated SQL Injection via 'sort' Parameter

Wordfence CVE

Critical 9.8

2025-08-14< 1.13.17

CVE-2025-48293

CVE EUVD Patchstack Wordfence

Medium 6.3

2024-10-16< 1.13.6

Freemius SDK <= 2.4.2 - Missing Authorization Checks

CVE

Medium 6.4

2024-10-01< 1.13.14

CVE-2024-8990

CVE Patchstack Wordfence

Medium 6.5

2024-09-17< 1.13.13

CVE-2024-44008

CVE Patchstack Wordfence

N/A

2023-07-18< 1.13.12

WordPress Geo Mashup Plugin < 1.13.12 is vulnerable to Cross Site Scripting (XSS)

Patchstack WPScan CVE

N/A

2022-03-04< 1.13.6

Freemius SDK <= 2.4.2 - Missing Authorization Checks

Wordfence

N/A

2022-02-28< 1.13.6

WordPress Geo Mashup plugin <= 1.13.5 - Sensitive Information Disclosure vulnerability

Patchstack

N/A

2022-02-28< 1.13.6

WordPress Geo Mashup plugin <= 1.13.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack

N/A

2015-02-02< 1.8.3

CVE-2015-1383

CVE Patchstack Wordfence WPScan

Critical 9.8

2018-07-18< 1.10.4

WordPress Geo Mashup plugin <= 1.10.3 - Unspecified Cross-Site Scripting (XSS) vulnerability

Patchstack CVE Wordfence WPScan