VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 6 known issues Latest disclosed Jan 24, 2025

Maps Plugin using Google Maps for WordPress – WP Google Map Vulnerabilities

Review known vulnerability records for the WordPress plugin Maps Plugin using Google Maps for WordPress – WP Google Map (`gmap-embed`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-13208, CVE-2024-13306 and CVE-2021-25081, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
6
High or Critical
0
Patch Coverage
100%
Last Updated
Feb 26, 2025
Priority CVE Quick Links

Fast paths into Maps Plugin using Google Maps for WordPress – WP Google Map CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
6
CVE-2021-25081 Medium 1.8.4
CVE-2021-25081 Maps Plugin using Google Maps for WordPress – WP Google Map Cross-Site Request Forgery

WP Google Map <= 1.8.3 - Arbitrary Post Deletion and Plugin Settings Update via Cross-Site Request Forgery

CVE-2021-25011 Medium 1.8.1
CVE-2021-25011 Maps Plugin using Google Maps for WordPress – WP Google Map Cross-Site Request Forgery

WP Google Map <= 1.8.0 - Subscriber+ Arbitrary Post Deletion and Plugin Settings Update

CVE-2021-45729 Medium 1.8.1
CVE-2021-45729 Maps Plugin using Google Maps for WordPress – WP Google Map Privilege Escalation

WP Google Map <= 1.8.0 - Missing Authorization

CVE-2021-24502 Medium 1.7.7
CVE-2021-24502 Maps Plugin using Google Maps for WordPress – WP Google Map Stored Cross-Site Scripting

WP Google Map <= 1.7.6 - Admin+ Stored Cross-Site Scripting

CVE-2024-13208 Medium 1.9.4
CVE-2024-13208 Maps Plugin using Google Maps for WordPress – WP Google Map Stored Cross-Site Scripting

Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Markers

CVE-2024-13306 Medium 1.9.4
CVE-2024-13306 Maps Plugin using Google Maps for WordPress – WP Google Map Stored Cross-Site Scripting

Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Maps Plugin using Google Maps for WordPress – WP Google Map so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
6 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2024-13208, CVE-2024-13306 and CVE-2021-25081
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2024-13208 Medium Patch path listed

CVE-2024-13208: Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Markers

The Maps Plugin using Google Maps for WordPress – WP Google Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9...

Published
Jan 24, 2025
Patch Status
1.9.4
Open CVE-2024-13208 Report
Known Vulnerabilities

Reports for Maps Plugin using Google Maps for WordPress – WP Google Map

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-13208
CVE-2024-13208: Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Markers

The Maps Plugin using Google Maps for WordPress – WP Google Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for...

Published
Jan 24, 2025
Patched Release
1.9.4
Affected Versions
Versions up to 1.9.3
Next Step
Update to 1.9.4 or newer if supported.
Open CVE-2024-13208 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-13306
CVE-2024-13306: Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting

The Maps Plugin using Google Maps for WordPress – WP Google Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for...

Published
Jan 24, 2025
Patched Release
1.9.4
Affected Versions
Versions up to 1.9.3
Next Step
Update to 1.9.4 or newer if supported.
Open CVE-2024-13306 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-25081
CVE-2021-25081: WP Google Map <= 1.8.3 - Arbitrary Post Deletion and Plugin Settings Update via Cross-Site Request Forgery

The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack

Published
Jan 27, 2022
Patched Release
1.8.4
Affected Versions
Versions up to 1.8.3
Next Step
Update to 1.8.4 or newer if supported.
Open CVE-2021-25081 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-45729
CVE-2021-45729: WP Google Map <= 1.8.0 - Missing Authorization

The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions

Published
Dec 08, 2021
Patched Release
1.8.1
Affected Versions
Versions up to 1.8.0
Next Step
Update to 1.8.1 or newer if supported.
Open CVE-2021-45729 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-25011
CVE-2021-25011: WP Google Map <= 1.8.0 - Subscriber+ Arbitrary Post Deletion and Plugin Settings Update

The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings.

Published
Dec 08, 2021
Patched Release
1.8.1
Affected Versions
Versions up to 1.8.0
Next Step
Update to 1.8.1 or newer if supported.
Open CVE-2021-25011 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24502
CVE-2021-24502: WP Google Map <= 1.7.6 - Admin+ Stored Cross-Site Scripting

The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfiltered_html capability is disallowed

Published
Jul 01, 2021
Patched Release
1.7.7
Affected Versions
Versions up to 1.7.6
Next Step
Update to 1.7.7 or newer if supported.
Open CVE-2021-24502 Report Open CVE Reference