Cross-Site Request Forgery Vulnerability in Slick Google Map Plugin by WordPress
CVE-2025-48078
8.8 HIGH
What is CVE-2025-48078?
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Slick Google Map plugin, which can lead to Stored Cross-Site Scripting (XSS) attacks. This flaw allows attackers to trick users into executing unwanted actions on the web application, potentially compromising user data and creating security risks. Affected versions of Slick Google Map are 0.3 and earlier. Administrators using this plugin should apply the necessary security updates and implement proper preventive measures.
Affected Version(s)
Slick Google Map <= n/a
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nguyen Xuan Chien | Patchstack Bug Bounty Program