WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters

Vulnerabilities 26Slug wp-google-map-pluginLatest version 4.9.4WordPress.org →

Minimum safe version

4.9.2

Update to 4.9.2 or later to address 26 fixable vulnerabilities

Latest available4.9.4 ✓

N/A

2025-04-10< 4.7.2

WP Maps – Display Google Maps Perfectly with Ease <= 4.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Wordfence CVE

Medium 6.4

2026-04-16< 4.8.8

CVE-2025-13364

CVE Wordfence

N/A

2026-04-08< 4.9.2

WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection

Wordfence CVE

N/A

2026-03-10< 4.9.2

WP Maps <= 4.9.1 - Unauthenticated SQL Injection via 'location_id' Parameter

Wordfence CVE

N/A

2026-03-22< 4.9.2

WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter

Wordfence CVE

High 8.8

2026-02-16< 4.8.7

CVE-2025-12062

CVE Wordfence

Medium 6.6

2025-12-09< 4.8.7

CVE-2025-67535

CVE Wordfence

Medium 4.5

2025-05-01< 4.7.2

WP Maps – Display Google Maps Perfectly with Ease <= 4.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting

EUVD Wordfence CVE

Medium 4.8

2025-05-01< 4.7.2

WordPress WP Google Map Plugin Plugin < 4.7.2 is vulnerable to Cross Site Scripting (XSS)

Patchstack Wordfence CVE

High 8.8

2024-07-01< 4.6.2

WordPress WP Google Map Plugin Plugin <= 4.6.1 is vulnerable to SQL Injection

Patchstack CVE Wordfence

N/A

< 3.0.0

WP Google Map Plugin < 3.0.0 - CSRF to Authenticated Cross-Site Scripting (XSS)

WPScan

N/A

< 4.1.0

WP Google Map Plugin < 4.1.0 - CSRF to Unauthenticated PHP Object Injection

WPScan

Medium 5.4

2023-11-12< 4.4.3

CVE-2023-28172

CVE Patchstack Wordfence WPScan

Medium 5.9

2023-04-04< 4.4.0

CVE-2023-23878

CVE Patchstack Wordfence WPScan

N/A

2015-08-20< 3.0.0

WP Google Map Plugin < 3.0.0 - Cross-Site Request Forgery to Cross-Site Scripting

Wordfence

N/A

2019-09-21< 4.1.0

WP Google Map Plugin <= 4.0.9 - Cross-Site Request Forgery to PHP Object Injection

Wordfence

N/A

2019-09-21< 4.1.0

WP MAPS – Easiest & Most Advanced WordPress Plugin for Google Maps <= 4.0.9 - Reflected Cross-Site Scripting

Wordfence

N/A

2020-11-25< 4.1.4

WordPress WP Google Map Plugin <= 4.1.3 - Authenticated SQL Injection (SQLi) vulnerability

Patchstack

Medium 5.4

2018-05-14< 4.0.4

CVE-2018-0577

CVE JVN Wordfence WPScan

Medium 6.1

2019-08-12< 2.3.7

CVE-2015-9305

CVE Wordfence WPScan

Medium 6.1

2019-08-12< 3.1.2

CVE-2016-10878

CVE Wordfence WPScan

High 8.8

2019-08-14< 2.3.10

CVE-2015-9308

CVE Wordfence

High 8.8

2019-08-14< 2.3.10

CVE-2015-9307

CVE Wordfence

High 8.8

2019-08-14< 2.3.10

CVE-2015-9309

CVE Wordfence WPScan

High 7.2

2021-03-18< 4.1.5

CVE-2021-24130

CVE Wordfence WPScan

High 8.8

2022-03-11< 4.4.3

CVE-2022-25600

CVE Patchstack Wordfence WPScan