cleantalk
Vulnerabilities and Security Researches

Interactive Geo Maps, CVE-2025-15345

CVE, Research URL

CVE-2025-15345

Home page URL

Security reports for Interactive Geo Maps

Application

Interactive Geo Maps

Published on
May 14, 2026
Research Description
The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all versions up to, and including, 1.6.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.6.28.
Status
vulnerable
Previous vulnerability researches
Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO (CVE-2025-11771) , Dec 11, 2025
Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO (CVE-2025-11773) , Dec 11, 2025
New vulnerability
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2026-5361) , May 15, 2026
Database Backup for WordPress (CVE-2026-4029) , May 15, 2026
Database Backup for WordPress (CVE-2026-4031) , May 15, 2026
Database Backup for WordPress (CVE-2026-4030) , May 15, 2026
Advanced Custom Fields: Font Awesome Field (CVE-2026-6415) , May 15, 2026