CVE-2025-13364

Name of the Vulnerable Software and Affected Versions WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters versions prior to 4.8.8

Description Stored Cross-Site Scripting occurs via the 'put wpgm' shortcode due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Authenticated attackers with contributor level access and above can inject arbitrary web scripts into pages, which execute when a user accesses the affected page.

Recommendations Update to a version newer than 4.8.7.