VYPR
Unrated severityNVD Advisory· Published Jan 8, 2024· Updated Jun 18, 2025

WP Go Maps < 9.0.28 - Unauthenticated Stored XSS

CVE-2023-6627

Description

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.