The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated attackers to poison the cache location for location search results.
Metrics
Affected Vendors & Products
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sat, 18 Oct 2025 07:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated attackers to poison the cache location for location search results. | |
Title | WP Go Maps (formerly WP Google Maps) <= 9.0.48 - Unauthenticated Cache Poisoning | |
Weaknesses | CWE-349 | |
References |
|
|
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2025-10-18T06:42:46.103Z
Reserved: 2025-10-13T18:54:06.234Z
Link: CVE-2025-11703

No data.

Status : Received
Published: 2025-10-18T07:15:35.883
Modified: 2025-10-18T07:15:35.883
Link: CVE-2025-11703

No data.

No data.