Security Advisory

CVE-2025-11307

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-11 06:00:06

Last updated 2025-11-13 18:03:20

Assigner WPScan

State PUBLISHED

Description

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped.

← Browse all CVEs View on cve.org ↗