Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WPGMaps — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting WPGMaps. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPGmaps is a WordPress plugin for embedding interactive maps into websites, widely used for location-based content display. Historically, it has been susceptible to multiple security vulnerabilities including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, with 12 CVEs documented. The plugin's security issues often stem from insufficient input validation and improper permission checks. Notable incidents include cases where unauthenticated attackers could execute arbitrary code or steal sensitive data through crafted requests. Despite its popularity, the plugin's security track record has been problematic, requiring users to maintain strict version control and implement additional security measures to mitigate risks.

Top products by WPGMaps: WP Go Maps (formerly WP Google Maps) WP Go Maps
CVE IDTitleCVSSSeverityPublished
CVE-2026-4268 WP Go Maps (formerly WP Google Maps) <= 10.0.05 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings — WP Go Maps (formerly WP Google Maps)CWE-79 6.4 Medium2026-03-18
CVE-2026-0593 WP Go Maps (formerly WP Google Maps) <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification — WP Go Maps (formerly WP Google Maps)CWE-862 5.3 Medium2026-01-24
CVE-2025-11703 WP Go Maps (formerly WP Google Maps) <= 9.0.48 - Unauthenticated Cache Poisoning — WP Go Maps (formerly WP Google Maps)CWE-349 5.3 Medium2025-10-18
CVE-2025-11166 WP Go Maps (formerly WP Google Maps) <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Update — WP Go Maps (formerly WP Google Maps)CWE-352 5.4 Medium2025-10-09
CVE-2025-24742 WordPress WP Google Maps plugin <= 9.0.40 - Cross Site Request Forgery (CSRF) vulnerability — WP Go MapsCWE-352 4.3 Medium2025-01-27
CVE-2024-5994 WP Go Maps (formerly WP Google Maps) <= 9.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Go Maps (formerly WP Google Maps)CWE-79 6.4 Medium2024-06-14
CVE-2024-3557 WP Go Maps (formerly WP Google Maps) <= 9.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WP Go Maps (formerly WP Google Maps)CWE-79 6.4 Medium2024-05-24
CVE-2023-6777 WP Go Maps (formerly WP Google Maps) <= 9.0.34 - Information Exposure to Potential Denial of Service — WP Go Maps (formerly WP Google Maps)CWE-200 5.3 Medium2024-04-09
CVE-2024-29931 WordPress WP Go Maps plugin <= 9.0.29 - Reflected Cross Site Scripting (XSS) vulnerability — WP Go MapsCWE-79 7.1 High2024-03-27
CVE-2024-1582 WP Go Maps (formerly WP Google Maps) <= 9.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WP Go Maps (formerly WP Google Maps)CWE-79 6.4 Medium2024-03-13
CVE-2023-4839 WP Go Maps <= 9.0.32 - Authenticated (Administrator+) Stored Cross-Site Scripting — WP Go Maps (formerly WP Google Maps)CWE-79 4.4 Medium2024-03-13
CVE-2023-6697 WP Go Maps (formerly WP Google Maps) <= 9.0.28 - Reflected Cross-Site Scripting — WP Go Maps (formerly WP Google Maps)CWE-79 6.1 Medium2024-01-24

This page lists every published CVE security advisory associated with WPGMaps. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.