cleantalk
Vulnerabilities and Security Researches

CBX Map for Google Map & OpenStreetMap, CVE-2025-9123

CVE, Research URL

CVE-2025-9123

Home page URL

Security reports for CBX Map for Google Map & OpenStreetMap

Application

CBX Map for Google Map & OpenStreetMap

Published on
Sep 11, 2025
Research Description
The CBX Map for Google Map & OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup heading and location address parameters in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.0.2.
Status
vulnerable
Previous vulnerability researches
CBX Map for Google Map & OpenStreetMap (CVE-2025-9123) , Apr 23, 2026
CBX Map for Google Map & OpenStreetMap (CVE-2025-47669) , May 09, 2025
CBX Map for Google Map & OpenStreetMap (CVE-2024-22297) , Jun 07, 2024
CBX Map for Google Map & OpenStreetMap (CVE-2023-47240) , Jun 07, 2024
New vulnerability
Structured Content (JSON-LD) #wpsc (CVE-2025-3414) , Apr 23, 2026
Institute Management – Learning Management System (CVE-2026-2714) , Apr 23, 2026
WP Delete User Accounts (CVE-2025-58704) , Apr 23, 2026
Front End Users (CVE-2025-58235) , Apr 23, 2026
Social Slider Feed (CVE-2026-39507) , Apr 23, 2026