cleantalk
Vulnerabilities and Security Researches

WP Go Maps (formerly WP Google Maps), CVE-2026-0593

CVE, Research URL

CVE-2026-0593

Home page URL

Security reports for WP Go Maps (formerly WP Google Maps)

Application

WP Go Maps (formerly WP Google Maps)

Published on
Jan 24, 2026
Research Description
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global map engine settings.
Affected versions
max 10.0.05.
Status
vulnerable
Previous vulnerability researches
WP Google Maps Integration (CVE-2026-7464) , May 13, 2026
WP Go Maps (formerly WP Google Maps) (CVE-2025-11307) , Dec 10, 2025
WP Go Maps (formerly WP Google Maps) (CVE-2026-0593) , Apr 14, 2026
WP Go Maps (formerly WP Google Maps) (CVE-2026-4268) , Apr 14, 2026
WP Go Maps (formerly WP Google Maps) (CVE-2021-24383) , Jun 07, 2024
New vulnerability
Photo Gallery by 10Web – Mobile-Friendly Image Gallery (CVE-2026-9829) , Jun 07, 2026
Advanced Google reCAPTCHA (CVE-2026-5415) , Jun 07, 2026
Advanced Google reCAPTCHA (CVE-2026-5411) , Jun 07, 2026
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2026-7665) , Jun 07, 2026
Ad Inserter – Ad Manager & AdSense Ads (CVE-2026-9280) , Jun 06, 2026