The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing wp_magic_quotes, which does not cover $_SERVER), then passed through bare esc_sql() before being interpolated into unquoted numeric positions in the proximity-search query (HAVING/SELECT clause distance math, BETWEEN bounding-box pre-filter) built by gmw_locations_query() in plugins/posts-locator/includes/class-gmw-wp-query.php. Because esc_sql() only escapes string delimiters and these positions are numeric, payloads such as 1 OR SLEEP(3) survived sanitization. Fixed in 4.5.5 by adding an upstream is_numeric() guard that short-circuits the WHERE clause to AND 1 = 0 when either coordinate is non-numeric, and by replacing the three esc_sql() calls with (float) casts.
CVE-2026-15300
Score 9.1 from GitHub Security Advisory (severity: CRITICAL) published 2026-07-10. a secondary CVSS source baseline 9.1; sources differ by 0.0.
- High severity, but no confirmed exploitation yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 9.1
- EG Score
- 9.1(high)
- EPSS
- 27.1%
- KEV
- Not listed
Published
July 10, 2026
Last Modified
July 10, 2026
References (6)
- security@wordfencehttps://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.4/plugins/posts-locator/includes/class-gmw-wp-query.php#L299
- security@wordfencehttps://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.4/plugins/posts-locator/includes/class-gmw-wp-query.php#L300
- security@wordfencehttps://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.4/plugins/posts-locator/includes/class-gmw-wp-query.php#L301
- security@wordfencehttps://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.5/plugins/posts-locator/includes/class-gmw-wp-query.php#L286
- security@wordfencehttps://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.5/plugins/posts-locator/includes/class-gmw-wp-query.php#L305
- security@wordfencehttps://www.wordfence.com/threat-intel/vulnerabilities/id/ecbc7f05-fc4f-4276-968e-04222a64e55a?source=cve
Vendor Advisories for CVE-2026-15300(1)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
Weakness Classification(1)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 72× in last 7d / 72× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-15 23:11 UTCEG score recompute
- 2026-07-15 23:11 UTCGHSA enrichment
- 2026-07-15 18:53 UTCEG score recompute
- 2026-07-15 18:53 UTCGHSA enrichment
- 2026-07-15 16:57 UTCEPSS rescore
- 2026-07-15 14:34 UTCEG score recompute
- 2026-07-15 14:34 UTCGHSA enrichment
- 2026-07-15 10:16 UTCEG score recompute
- 2026-07-15 10:16 UTCGHSA enrichment
- 2026-07-15 05:58 UTCEG score recompute
- 2026-07-15 05:58 UTCGHSA enrichment
- 2026-07-15 02:00 UTCEPSS rescore
- 2026-07-15 01:28 UTCEG score recompute
- 2026-07-15 01:28 UTCGHSA enrichment
- 2026-07-14 21:10 UTCEG score recompute
- 2026-07-14 21:10 UTCGHSA enrichment
- 2026-07-14 16:52 UTCEG score recompute
- 2026-07-14 16:52 UTCGHSA enrichment
- 2026-07-14 12:34 UTCEG score recompute
- 2026-07-14 12:34 UTCGHSA enrichment
- 2026-07-14 08:16 UTCEG score recompute
- 2026-07-14 08:16 UTCGHSA enrichment
- 2026-07-14 03:57 UTCEG score recompute
- 2026-07-14 03:57 UTCGHSA enrichment
- 2026-07-13 23:39 UTCEG score recompute
Show 47 moreShow fewer
- 2026-07-13 23:39 UTCGHSA enrichment
- 2026-07-13 22:30 UTCEPSS rescore
- 2026-07-13 19:21 UTCEG score recompute
- 2026-07-13 19:21 UTCGHSA enrichment
- 2026-07-13 15:03 UTCEG score recompute
- 2026-07-13 15:03 UTCGHSA enrichment
- 2026-07-13 10:43 UTCEG score recompute
- 2026-07-13 10:43 UTCGHSA enrichment
- 2026-07-13 06:25 UTCEG score recompute
- 2026-07-13 06:25 UTCGHSA enrichment
- 2026-07-13 06:12 UTCEPSS rescore
- 2026-07-13 02:07 UTCEG score recompute
- 2026-07-13 02:07 UTCGHSA enrichment
- 2026-07-12 21:49 UTCEG score recompute
- 2026-07-12 21:49 UTCGHSA enrichment
- 2026-07-12 17:30 UTCEG score recompute
- 2026-07-12 17:30 UTCGHSA enrichment
- 2026-07-12 13:12 UTCEG score recompute
- 2026-07-12 13:11 UTCGHSA enrichment
- 2026-07-12 08:53 UTCEG score recompute
- 2026-07-12 08:53 UTCGHSA enrichment
- 2026-07-12 05:46 UTCEPSS rescore
- 2026-07-12 04:35 UTCEG score recompute
- 2026-07-12 04:35 UTCGHSA enrichment
- 2026-07-12 00:16 UTCEG score recompute
- 2026-07-12 00:16 UTCGHSA enrichment
- 2026-07-11 19:58 UTCEG score recompute
- 2026-07-11 19:58 UTCGHSA enrichment
- 2026-07-11 15:40 UTCEG score recompute
- 2026-07-11 15:40 UTCGHSA enrichment
- 2026-07-11 11:22 UTCEG score recompute
- 2026-07-11 11:22 UTCGHSA enrichment
- 2026-07-11 08:27 UTCEPSS rescore
- 2026-07-11 07:04 UTCEG score recompute
- 2026-07-11 07:04 UTCGHSA enrichment
- 2026-07-11 02:46 UTCEG score recompute
- 2026-07-11 02:46 UTCGHSA enrichment
- 2026-07-10 22:28 UTCEG score recompute
- 2026-07-10 22:28 UTCGHSA enrichment
- 2026-07-10 18:10 UTCEG score recompute
- 2026-07-10 18:10 UTCGHSA enrichment
- 2026-07-10 13:51 UTCEG score recompute
- 2026-07-10 13:51 UTCGHSA enrichment
- 2026-07-10 09:33 UTCEG score recompute
- 2026-07-10 09:33 UTCGHSA enrichment
- 2026-07-10 05:15 UTCEG score recompute
- 2026-07-10 05:13 UTCMITRE cvelistV5first tracked
Related CVEs(same CWE)
Frequently asked(5)
What is CVE-2026-15300?
When was CVE-2026-15300 disclosed?
Is CVE-2026-15300 actively exploited?
What is the CVSS score of CVE-2026-15300?
How do I remediate CVE-2026-15300?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2026-15300
Is Your Infrastructure Affected by CVE-2026-15300?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.