WP Go Maps (formerly WP Google Maps)

Vulnerabilities 32Slug wp-google-mapsLatest version 10.0.09WordPress.org →

Minimum safe version

10.0.06

Update to 10.0.06 or later to address 32 fixable vulnerabilities

Latest available10.0.09 ✓

Medium 5.3

2026-01-24< 10.0.05

WP Go Maps (formerly WP Google Maps) <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification

EUVD Wordfence CVE

N/A

2026-03-17< 10.0.06

WP Go Maps (formerly WP Google Maps) <= 10.0.05 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings

Wordfence CVE

High 8.8

2025-11-11< 9.0.48

CVE-2025-11307

CVE Wordfence

Medium 5.3

2025-10-18< 9.0.49

CVE-2025-11703

CVE EUVD Wordfence

Medium 5.4

2025-10-09< 9.0.47

CVE-2025-11166

CVE Wordfence

Medium 4.3

2025-01-27< 9.0.41

CVE-2025-24742

CVE EUVD Patchstack Wordfence

N/A

2024-06-14< 9.0.39

WordPress WP Google Maps Plugin <= 9.0.38 is vulnerable to Cross Site Scripting (XSS)

Patchstack

Medium 5.4

2024-06-14< 9.0.39

CVE-2024-5994

CVE Wordfence Patchstack

Medium 5.4

2024-05-24< 9.0.37

CVE-2024-3557

CVE Patchstack Wordfence

High 7.1

2024-03-27< 9.0.30

CVE-2024-29931

CVE Wordfence Patchstack WPScan

Medium 6.5

2024-04-09< 9.0.35

CVE-2023-6777

CVE Wordfence Patchstack WPScan

Medium 5.4

2024-03-13< 9.0.33

CVE-2024-1582

CVE Wordfence Patchstack WPScan

Medium 4.8

2024-03-13< 9.0.33

CVE-2023-4839

CVE Wordfence Patchstack WPScan

Medium 6.1

2024-01-24< 9.0.29

CVE-2023-6697

CVE Patchstack Wordfence WPScan

Medium 6.1

2024-12-18< 9.0.28

WordPress WP Google Maps Plugin < 9.0.28 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence WPScan

N/A

< 7.11.28

WP Google Maps <= 7.11.27 - Admin Settings CSRF

WPScan

N/A

< 6.3.15

WP Google Maps <= 6.3.14 - Authenticated Stored Cross-Site Scripting (XSS) via CSRF

WPScan

Medium 4.9

2023-03-14< 9.0.16

CVE-2022-47595

CVE Patchstack Wordfence WPScan

N/A

2016-11-10< 6.3.15

WP Google Maps <= 6.3.14 - Stored Cross-Site Scripting

Wordfence

N/A

2019-06-03< 7.11.28

WP Google Maps <= 7.11.27 - Cross-Site Request Forgery

Wordfence

N/A

2015-08-20< 3.0.0

WordPress Google Maps Plugin <= 2.3.9 - Cross Site Scripting

Patchstack

N/A

2016-08-15< 2.1.4

WordPress Google Maps Plugin <= 2 2.1.3 - Cross Site Scripting (XSS)

Patchstack

N/A

2019-03-12< 7.10.43

WordPress WP Google Maps plugin <= 7.10.41 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2019-04-02< 7.11.18

WordPress WP Google Maps plugin <= 7.11.17 - Unauthenticated SQL Injection (SQLi) vulnerability

Patchstack

N/A

2019-06-16< 7.11.28

WordPress WP Google Maps plugin <= 7.11.27 - Cross-Site Request Forgery (CSRF) vulnerability

Patchstack

N/A

2019-07-10< 7.11.35

WordPress WP Google Maps plugin <= 7.11.34 - Cross-Site Request Forgery (CSRF) vulnerability

Patchstack

N/A

2014-10-22< 6.0.27

CVE-2014-7182

CVE Wordfence Patchstack WPScan

Medium 6.1

2019-03-22< 7.10.43

WordPress WP Google Maps plugin <= 7.10.41 - Cross-Site Scripting (XSS) vulnerability

Patchstack CVE Wordfence WPScan

Critical 9.8

2020-09-09< 7.11.18

WP Go Maps (formerly WP Google Maps) <= 7.11.17 - SQL Injection

Wordfence CVE WPScan

Medium 5.4

2019-08-09< 7.11.35

CVE-2019-14792

CVE Wordfence WPScan

Medium 5.4

2021-06-21< 8.1.12

CVE-2021-24383

CVE Patchstack Wordfence WPScan

Medium 5.5

2021-09-09< 8.1.13

CVE-2021-36870

CVE Wordfence Patchstack WPScan