cleantalk
Vulnerabilities and Security Researches

WP Go Maps (formerly WP Google Maps), CVE-2025-11307

CVE, Research URL

CVE-2025-11307

Home page URL

Security reports for WP Go Maps (formerly WP Google Maps)

Application

WP Go Maps (formerly WP Google Maps)

Published on
Nov 11, 2025
Research Description
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped.
Affected versions
max 9.0.48.
Status
vulnerable
Previous vulnerability researches
WP Google Maps Integration (CVE-2026-7464) , May 13, 2026
WP Go Maps (formerly WP Google Maps) (CVE-2025-11307) , Dec 10, 2025
WP Go Maps (formerly WP Google Maps) (CVE-2026-0593) , Apr 14, 2026
WP Go Maps (formerly WP Google Maps) (CVE-2026-4268) , Apr 14, 2026
WP Go Maps (formerly WP Google Maps) (CVE-2021-24383) , Jun 07, 2024
New vulnerability
Admin Columns (CVE-2026-7654) , Jun 07, 2026
Debug Log Manager (CVE-2026-9016) , Jun 07, 2026
Photo Gallery by 10Web – Mobile-Friendly Image Gallery (CVE-2026-9829) , Jun 07, 2026
Advanced Google reCAPTCHA (CVE-2026-5415) , Jun 07, 2026
Advanced Google reCAPTCHA (CVE-2026-5411) , Jun 07, 2026