cleantalk
Vulnerabilities and Security Researches

Pronamic Google Maps, CVE-2025-9352

CVE, Research URL

CVE-2025-9352

Home page URL

Security reports for Pronamic Google Maps

Application

Pronamic Google Maps

Published on
Aug 28, 2025
Research Description
The Pronamic Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the description field in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.4.2.
Status
vulnerable
Previous vulnerability researches
Add User Meta (CVE-2025-7688) , Aug 17, 2025
Simple User Meta Editor (CVE-2025-14888) , Jan 11, 2026
User Meta – User Profile Builder and User management plugin (CVE-2025-9693) , Apr 24, 2026
User Meta – User Profile Builder and User management plugin (CVE-2024-9262) , Nov 10, 2024
User Meta – User Profile Builder and User management plugin (CVE-2022-0376) , Jun 07, 2024
New vulnerability
Countdown Timer for Elementor (CVE-2025-8445) , Apr 25, 2026
Library Bookshelves (CVE-2025-57964) , Apr 25, 2026
Best WooCommerce Builder for Elementor: Customize Checkout, Shop, Product & More With CoDesigner (CVE-2025-57961) , Apr 25, 2026
Themify Builder (CVE-2025-9353) , Apr 25, 2026
Zoho Flow (CVE-2025-8479) , Apr 25, 2026