CVE-2025-12062

CVSS v3.1

8.8

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin for WordPress versions prior to 4.8.7

Description The WP Maps plugin for WordPress is susceptible to a Local File Inclusion issue. This allows authenticated attackers with Subscriber-level access or higher to include and execute arbitrary .html files on the server. Successful exploitation could lead to bypassing access controls, obtaining sensitive data, or achieving code execution if .html files containing PHP code can be uploaded and included. The vulnerable function is

fc load template()

Recommendations Update the WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin to version 4.8.7 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2025-12062

Affected Products

Wp Maps – Store Locator

CVE-2025-12062

Weakness Enumeration

Related Identifiers

Affected Products

References · 9