cleantalk
Vulnerabilities and Security Researches

WordPress Plugin for Google Maps – WP MAPS, CVE-2025-12062

CVE, Research URL

CVE-2025-12062

Home page URL

Security reports for WordPress Plugin for Google Maps – WP MAPS

Application

WordPress Plugin for Google Maps – WP MAPS

Published on
Feb 17, 2026
Research Description
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fc_load_template function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .html files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .html file types can be uploaded and included.
Affected versions
max 4.8.7.
Status
vulnerable
Previous vulnerability researches
WP Booking (CVE-2024-35297) , Jun 07, 2024
New vulnerability
Featured Image from Content (CVE-2026-27759) , Mar 30, 2026
Mollie Payments for WooCommerce (CVE-2025-68501) , Mar 30, 2026
SMTP – 100% Free & Open Source SMTP plugin for WordPress – Bit SMTP (CVE-2026-32519) , Mar 30, 2026
Responsive Starter Templates – Elementor & WordPress Templates (CVE-2025-15488) , Mar 30, 2026
Shopping Cart & eCommerce Store (CVE-2026-32422) , Mar 30, 2026