WordPress Plugin Vulnerabilities

WP Go Maps < 9.0.49 - Unauthenticated Cache Poisoning

Description

The plugin is vulnerable to Cache Poisoning due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated attackers to poison the cache location for location search results.

Affects Plugins

Plugin icon
wp-google-maps
Fixed in 9.0.49

References

CVE
CVE-2025-11703
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/531360c6-e78a-4344-be06-95735337a2d6

Classification

Type
CACHE POISONING
OWASP top 10
A6: Security Misconfiguration
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Verified
No
WPVDB ID
4d0b3516-9337-48be-a268-aa143665753a

Timeline

Publicly Published
2025-10-17 (about 6 months ago)
Added
2025-10-21 (about 6 months ago)
Last Updated
2025-10-21 (about 6 months ago)

Other

Published
Title
Published
2022-10-03
Title
WP Super Cache < 1.9 - Unauthenticated Cache Poisoning