Medium severity5.3NVD Advisory· Published Nov 11, 2025· Updated Apr 15, 2026

CVE-2025-11999

Description

The Add Multiple Marker plugin for WordPress is vulnerable to unauthorized modification of data to due to a missing capability check on the addmultiplemarker_reset_map() and amm_save_map_api() functions in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to update the map API and reset maps.

Affected products

WordPress/Add Multiple Markerinferred2 versions
<=1.2+ 1 more
- (no CPE)range: <=1.2
- (no CPE)range: <=1.2
Package: https://wordpress.org/plugins/add-multiple-marker

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/browser/add-multiple-marker/tags/1.2/functions.phpnvd
plugins.trac.wordpress.org/changeset/3433258/nvd
www.wordfence.com/threat-intel/vulnerabilities/id/f4f1467d-1f66-4e99-af44-9329cfe1efacnvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000