CVE-2026-1096

Name of the Vulnerable Software and Affected Versions The Best-wp-google-map plugin for WordPress versions through 2.1

Description The Best-wp-google-map plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from inadequate input sanitization and output escaping within the google map view shortcode. Specifically, the latitude and longitudinal parameters are vulnerable. Authenticated attackers with Contributor-level access or higher can inject malicious web scripts into pages. These scripts will then execute whenever a user accesses the compromised page.

Recommendations Update The Best-wp-google-map plugin for WordPress to a version later than 2.1.