cleantalk
Vulnerabilities and Security Researches

WP Go Maps (formerly WP Google Maps), CVE-2025-11307

CVE, Research URL

CVE-2025-11307

Home page URL

Security reports for WP Go Maps (formerly WP Google Maps)

Application

WP Go Maps (formerly WP Google Maps)

Published on
Nov 11, 2025
Research Description
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped.
Affected versions
max 9.0.48.
Status
vulnerable
Previous vulnerability researches
WP Go Maps (formerly WP Google Maps) (CVE-2025-11307) , Dec 10, 2025
WP Go Maps (formerly WP Google Maps) (CVE-2021-24383) , Jun 07, 2024
WP Go Maps (formerly WP Google Maps) (CVE-2014-7182) , Jun 07, 2024
WP Go Maps (formerly WP Google Maps) (CVE-2019-9912) , Jun 07, 2024
WP Go Maps (formerly WP Google Maps) (CVE-2021-36870) , Jun 07, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026