CVE-2025-2279
CVSS 3.1 Score 8.5 of 10 (high)
Details
Summary
CVE-2025-2279 is a stored cross-site scripting (XSS) vulnerability affecting the Maps WordPress plugin up to version 1.0.6. The issue stems from the plugin's failure to properly validate and escape shortcode attributes. This flaw allows users with the contributor role and above to inject malicious scripts into pages or posts where the vulnerable shortcode is embedded, potentially leading to unauthorized access or data theft. An attacker exploits the vulnerability by crafting shortcode attributes and embedding them in a post or page; the injected script then executes whenever the page is accessed by other users. Upgrading to a patched version of the plugin or implementing input validation measures can help mitigate this risk.
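The bug class described above, shown as an added example that is not the Maps plugin's code: a shortcode handler that concatenates attributes into markup, next to a version that validates and escapes them. The shortcode name `example_map`, its attributes and both function names are hypothetical; the file assumes it is loaded as part of a WordPress plugin.

```php
<?php
// Added illustration: hypothetical shortcode [example_map], not the Maps plugin's code.
// Every function called below is a WordPress core API.

// BEFORE: attribute values are concatenated into the markup unescaped.
function example_map_vulnerable( $atts ) {
    $atts = shortcode_atts(
        array( 'width' => '600', 'height' => '400', 'title' => '' ),
        $atts,
        'example_map'
    );
    // A contributor controls each value; a quote character in any of them
    // closes the HTML attribute and the remainder is parsed as markup.
    return '<div class="example-map" title="' . $atts['title'] . '"'
        . ' style="width:' . $atts['width'] . 'px;height:' . $atts['height'] . 'px"></div>';
}

// AFTER: coerce each value to its expected type, then escape for the
// context it is written into.
function example_map_hardened( $atts ) {
    $atts = shortcode_atts(
        array( 'width' => '600', 'height' => '400', 'title' => '' ),
        $atts,
        'example_map'
    );

    // Dimensions must be positive integers within a sane bound
    // (the 2000px ceiling is an assumption of this example).
    $width  = min( absint( $atts['width'] ), 2000 );
    $height = min( absint( $atts['height'] ), 2000 );
    if ( 0 === $width ) {
        $width = 600;
    }
    if ( 0 === $height ) {
        $height = 400;
    }

    // Free text: strip tags and control characters, then escape for an
    // HTML attribute at the point of output.
    $title = sanitize_text_field( $atts['title'] );

    return sprintf(
        '<div class="example-map" title="%s" style="width:%dpx;height:%dpx"></div>',
        esc_attr( $title ),
        $width,
        $height
    );
}

// Only the hardened handler is registered.
add_shortcode( 'example_map', 'example_map_hardened' );
```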