Vulnerability in Wp Go Maps (Formerly Google Maps)

CVE-2025-11307

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and out…

EPSS: 0.019 (77.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

  • Unknown Wp Go Maps (Formerly Google Maps) — versions 0

References

Frequently asked questions

What is CVE-2025-11307?
CVE-2025-11307 is a high-severity vulnerability in Wp Go Maps (Formerly Google Maps), classified under CWE-79 CROSS-SITE SCRIPTING (XSS). CVSS score: 8.8/10. Published 2025-11-11.
How severe is CVE-2025-11307?
High severity. CVSS v3 base score is 8.8 out of 10.