Vulnerability Database

319,478

Total vulnerabilities in the database

CVE-2025-11703

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated attackers to poison the cache location for location search results.

Published: Oct 18, 2025
Updated: Nov 17, 2025
CVE: CVE-2025-11703
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-349

Affected Software
References

No affected software listed.

https://github.com/CodeCabin/wp-google-maps/pull/1087/files
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3378871%40wp-google-maps&new=3378871%40wp-google-maps&sfp_email=&sfph_mail=
https://research.cleantalk.org/cve-2025-11703
https://www.wordfence.com/threat-intel/vulnerabilities/id/531360c6-e78a-4344-be06-95735337a2d6?source=cve

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo