CVE-2025-11307
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | WP Go Maps (formerly WP Google Maps) | 0 < 9.0.48 | affected |
Weaknesses
- CWE-79 Cross-Site Scripting (XSS)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.