WordPress Easy Google Maps Plugin XML External Entity Vulnerability

Vulnerability

A vulnerability allowing XML injection through improper restriction of XML external entity references has been identified in the WordPress Easy Google Maps plugin, affecting versions through 1.11.17. This XML External Entity (XXE) vulnerability could lead to the injection of arbitrary XML, potentially causing the website to leak sensitive information, experience a denial of service, or suffer from server-side request forgery.

Impact

Exploitation of this vulnerability could allow XML injection, leading to XXE attacks. Such attacks could cause the website to leak sensitive information, disrupt service availability, or expose it to server-side request forgery.

Remediation

Users of the WordPress Easy Google Maps plugin should update to version 1.11.19 or later to address this vulnerability. Patchstack users can enable auto-update for vulnerable plugins.
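One way to check an installed copy against the version boundaries stated above. This is an added example, not code from the plugin or from the advisory's publisher. The sample header is constructed, and the path to the plugin's main PHP file is passed by the operator because the plugin's file name is not given on this page.

```python
import re
import sys

# Version boundaries taken from the advisory text above.
LAST_AFFECTED = (1, 11, 17)
FIRST_FIXED = (1, 11, 19)

# Constructed sample of a WordPress plugin header (not the real plugin file).
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: Example Maps Plugin\n * Version: 1.11.17\n */\n"

# Same line shape WordPress accepts for header fields in a plugin main file.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)

def read_plugin_version(header_text):
    """Return the Version header value, or None if the file has none."""
    m = _VERSION_RE.search(header_text[:8192])  # WordPress reads only the first 8 KB
    return m.group(1) if m else None

def parse_version(text):
    """Turn '1.11.19' or '1.11.19-beta' into a tuple of ints for numeric comparison."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError("not a version string: %r" % text)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)

def classify(version_text):
    v = parse_version(version_text)
    if v <= LAST_AFFECTED:
        return "vulnerable"
    if v >= FIRST_FIXED:
        return "patched"
    return "unconfirmed"  # e.g. 1.11.18: the advisory lists it as neither affected nor fixed

def audit(header_text):
    version = read_plugin_version(header_text)
    return "unknown" if version is None else classify(version)

if __name__ == "__main__":
    # Hypothetical usage: python check.py /path/to/plugin-main-file.php
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        print(audit(fh.read()))
```

Versions are compared numerically per component, so 1.9.x sorts below 1.11.x, which a plain string comparison gets wrong.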

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 5.0
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.