Cross-site Scripting Vulnerability in Pin Locations on Map by NotFound
CVE-2025-23584

7.1HIGH

Key Information:

Vendor: WordPress
Status: Pin Locations On Map
Vendor: CVE Published:; 3 March 2025

Summary

A Cross-site Scripting (XSS) vulnerability exists in the Pin Locations on Map plugin by NotFound, which allows attackers to inject malicious scripts into web pages viewed by other users. This reflected XSS flaw can potentially lead to unauthorized actions, data theft or manipulation, compromising the security of users' interactions with the affected web application. Versions from n/a through 1.0 are susceptible to this vulnerability, highlighting the necessity for timely updates and proper input handling to mitigate the risk.

Affected Version(s)

Pin Locations on Map <= 1.0

References

https://patchstack.com/database/wordpress/plugin/pin-loca...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)