CVE-2026-3581
Authorization Bypass in Basic Google Maps Placemarks Plugin Allows Data Modification
Publication date: 2026-04-16
Last updated on: 2026-04-16
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordimpress | basic_google_maps_placemarks | to 1.10.7 (inc) |
| wordfence | basic_google_maps_placemarks | to 1.10.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated attackers to modify stored map latitude and longitude options due to an authorization bypass in the Basic Google Maps Placemarks plugin for WordPress. However, there is no information provided about how this impacts compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
The Basic Google Maps Placemarks plugin for WordPress has an authorization bypass vulnerability in versions up to and including 1.10.7.
This vulnerability occurs because the plugin does not properly verify whether a user is authorized to perform certain actions.
As a result, unauthenticated attackers can modify stored map latitude and longitude options.
How can this vulnerability impact me? :
This vulnerability allows unauthenticated attackers to change the latitude and longitude settings stored by the plugin.
Such unauthorized modifications could lead to incorrect map data being displayed on your WordPress site.
While it does not impact confidentiality or availability, it can affect the integrity of your map data.