CVE-2025-11307 · HIGH 8.8 · EPSS p77.0%


Description

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.90% probability of exploitation · percentile 77.0% · 2026-06-18T12:00:27Z
Published: 2025-11-11
Last modified: 2026-04-15

References

  1. https://wpscan.com/vulnerability/f5b21a05-7a51-4530-9e07-4700f00eeca3/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-24742
CVE-2026-9594
CVE-2025-9697
CVE-2026-2827
CVE-2026-8907
CVE-2025-1232

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.