Primary

Context

WP Go Maps (formerly WP Google Maps) Missing Authorization Vulnerability in Map Engine Setting Modification

Vulnerability

Patched

A vulnerability exists in the WP Go Maps (formerly WP Google Maps) plugin for WordPress, in all versions through 10.0.04. The issue arises from a lack of proper capability checks in the processBackgroundAction() function, allowing authenticated attackers with Subscriber-level access and above to unauthorizedly modify global map engine settings.

Impact

Exploitation of this vulnerability allows for unauthorized modification of global map engine settings, potentially leading to misconfigurations or abuse of map-related features.

Remediation

Users are advised to update the WP Go Maps plugin to version 10.0.05 or a newer patched version.

Added: Jan 24, 2026, 5:18 PM

Updated: Jan 24, 2026, 5:18 PM

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

0.6

exploitability

6.1

remediation

7.7

relevance

2.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

0.6

exploitability

6.1

remediation

7.7

relevance

2.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WP Go Maps (formerly WP Google Maps) Missing Authorization Vulnerability in Map Engine Setting Modification

Vulnerability

Impact

Remediation

Affected Products

WP Go Maps

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating