PT-2025-27053 · WordPress · Wp Map Block
Krugov Artyom
·
Published
2025-06-27
·
Updated
2025-07-07
·
CVE-2025-5194
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
WP Map Block versions prior to 2.0.3
Description:
The issue concerns the WP Map Block WordPress plugin, which does not validate and escape some of its block options before outputting them back in a page or post where the block is embedded. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Recommendations:
For WP Map Block versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the WP Map Block plugin until a patch is applied, especially for users with the contributor role and above.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Map Block