CVE-2025-12062

Name of the Vulnerable Software and Affected Versions WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin for WordPress versions prior to 4.8.7

Description The WP Maps plugin for WordPress is susceptible to a Local File Inclusion issue. This allows authenticated attackers with Subscriber-level access or higher to include and execute arbitrary .html files on the server. Successful exploitation could lead to bypassing access controls, obtaining sensitive data, or achieving code execution if .html files containing PHP code can be uploaded and included. The vulnerable function is fc load template().

Recommendations Update the WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin to version 4.8.7 or later.