Cross-Site Scripting Vulnerability in GMAPS for WPBakery Page Builder Free
CVE-2025-23775

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Gmaps For WPbakery Page Builder Free
Vendor: CVE Published:; 16 January 2025

What is CVE-2025-23775?

A Cross-Site Scripting (XSS) vulnerability in the GMAPS for WPBakery Page Builder Free plugin allows attackers to inject malicious scripts. This vulnerability can potentially lead to unauthorized access and manipulation of user data, impacting the overall security of affected WordPress installations. Users of versions from n/a to 1.2 are advised to apply security patches immediately to mitigate any risks associated with this flaw.

Affected Version(s)

GMAPS for WPBakery Page Builder Free <= 1.2

References

https://patchstack.com/database/wordpress/plugin/gmaps-fo...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

0xd4rk5id3 (Patchstack Alliance)