Zero Day MonitorZDM

← Back to list

EST

PRE-CVEPATCHED

drupal · geolocation field and wisski modules

Critical SQL Injection and Access Bypass Vulnerabilities in Drupal Geolocation Field and WissKI Modules

72% confidence

Description

Drupal Geolocation Field module versions prior to 3.15.0 are affected by a critical SQL Injection vulnerability. WissKI module versions prior to 4.2.0 are affected by a critical access bypass vulnerability. Users and administrators are advised to update to fixed versions to mitigate these vulnerabilities.

Affected Products

Vendor	Product	Versions
drupal	geolocation field and wisski modules	< 3.15.0 (Geolocation Field), < 4.2.0 (WissKI)

Related News (1 articles)

Tier B

CCCS Canada2d ago

Drupal security advisory (AV26-631)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

3.15.0 (Geolocation Field)4.2.0 (WissKI)

CWECWE-89, CWE-285

PublishedJun 25, 2026

Last enriched2d ago

Tags

sql injectionaccess bypassdrupalcritical vulnerability

Trending Score20

Source articles1

Independent1

Info Completeness8/14

Missing: cve_id, cvss, epss, kev, exploit, iocs

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALPRE-CVE

Multiple vulnerabilities in Drupal core and contributed modules

CRITICALCVE-2026-9082EXPKEV

Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

CRITICALPRE-CVEEXP

Multiple Vulnerabilities in Various Drupal Extensions

CRITICALPRE-CVE

Critical Arbitrary PHP Code Execution in Drupal AlternativeCommerce (Basket)

LOWCVE-2026-8491

Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034

Pin to Dashboard

Verification

State: reported

Confidence: 72%

Vulnerability Timeline

CVE Published

Jun 25, 2026

Patch Available

Jun 25, 2026

Discovered by ZDM

Jun 25, 2026