CVE-2025-11307
WP Google Maps < 9.0.48 - Unauthenticated Stored XSS
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Unknown · WP Go Maps (formerly WP Google Maps)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →