PT-2025-53697 · WordPress · Yamaps For Wordpress Plugin
Alex Tselevich · Published 2025-12-29 · Updated 2025-12-29 · CVE-2025-13958
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
YaMaps for WordPress Plugin versions prior to 0.6.40
Description
The YaMaps for WordPress Plugin does not properly validate and escape shortcode attributes before displaying them on a page or post. This could allow users with contributor roles or higher to execute Stored Cross-Site Scripting attacks. The issue involves improper handling of user-supplied data within shortcode attributes, potentially leading to malicious script injection.
Recommendations
Update the YaMaps for WordPress Plugin to version 0.6.40 or later.
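The pattern named in the Description, shown as an added example that is not the YaMaps plugin's code: a shortcode handler that prints its attributes unescaped, next to one that validates each attribute and escapes it for its output context. The `[demo_map]` tag, its `height` and `title` attributes, and the `demoMapInit` JavaScript function are hypothetical names chosen for illustration.

```php
<?php
/**
 * Plugin Name: Shortcode Escaping Demo (constructed example)
 *
 * Hypothetical [demo_map] shortcode. The tag, attribute names and markup are
 * assumptions for illustration, not taken from the YaMaps plugin.
 */

// Unsafe pattern: attribute values reach HTML and inline JS unescaped.
// Shown for comparison only and deliberately never registered.
function demo_map_render_unsafe( $atts ) {
	$atts = shortcode_atts( array( 'height' => '20rem', 'title' => '' ), $atts, 'demo_map' );
	return '<div class="demo-map" style="height:' . $atts['height'] . '" title="' . $atts['title'] . '"></div>'
		. '<script>demoMapInit("' . $atts['title'] . '");</script>';
}

// Hardened pattern: validate each attribute, then escape for the context it lands in.
function demo_map_render( $atts ) {
	$atts = shortcode_atts( array( 'height' => '20rem', 'title' => '' ), $atts, 'demo_map' );

	// Validate: height must be a number plus a known CSS unit, otherwise use the default.
	$height = preg_match( '/\A\d{1,4}(\.\d+)?(px|rem|em|vh|%)\z/', $atts['height'] )
		? $atts['height']
		: '20rem';

	// Validate: title is plain text, so strip tags, line breaks and extra whitespace.
	$title = sanitize_text_field( $atts['title'] );

	return sprintf(
		'<div class="demo-map" style="height:%s" title="%s"></div><script>demoMapInit(%s);</script>',
		esc_attr( $height ), // HTML attribute context
		esc_attr( $title ),  // HTML attribute context
		// JS string context: JSON-encode and hex-escape <, >, &, ' and ".
		wp_json_encode( $title, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT )
	);
}
add_shortcode( 'demo_map', 'demo_map_render' );
```

Escaping has to happen in the handler because a shortcode is expanded when the post is rendered, so the handler's return value is written into the page as-is.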
Affected Products
Yamaps For Wordpress Plugin