cleantalk
Vulnerabilities and Security Researches

Best-wp-google-map, CVE-2026-1096

CVE, Research URL

CVE-2026-1096

Home page URL

Security reports for Best-wp-google-map

Application

Best-wp-google-map

Published on
Feb 14, 2026
Research Description
The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'google_map_view' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.1.
Status
vulnerable
Previous vulnerability researches
Skyword API Plugin (CVE-2024-11907) , Jan 10, 2025
Skyword API Plugin (CVE-2025-58703) , Apr 25, 2026
New vulnerability
Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab (CVE-2026-28040) , Apr 25, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2025-4957) , Apr 25, 2026
My WP Translate (CVE-2025-8423) , Apr 25, 2026
AI ChatBot (CVE-2025-9111) , Apr 25, 2026
Contact Form Plugin (CVE-2025-5730) , Apr 25, 2026