Vulnerability Description
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated attackers to poison the cache location for location search results.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/CodeCabin/wp-google-maps/pull/1087/files
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old
- https://research.cleantalk.org/cve-2025-11703
- https://www.wordfence.com/threat-intel/vulnerabilities/id/531360c6-e78a-4344-be0
FAQ
What is CVE-2025-11703?
CVE-2025-11703 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from serv...
How severe is CVE-2025-11703?
CVE-2025-11703 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-11703?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.