CVE-2025-23517
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sunil chaulagain Google Map on Post/Page google-map-on-postpage allows Reflected XSS. This issue affects Google Map on Post/Page: from n/a through <= 1.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS vulnerability in WordPress Google Map on Post/Page plugin <=1.1 allows attackers to inject malicious scripts via improper input neutralization.
Overview
The Google Map on Post/Page plugin for WordPress versions up to 1.1 contains a reflected Cross-Site Scripting (XSS) vulnerability due to improper neutralization of user input during web page generation [1]. This allows attackers to inject arbitrary HTML and JavaScript.
Exploitation
To exploit, an attacker must trick a privileged user (such as an admin) into clicking a crafted link or visiting a specially prepared page [1]. The malicious payload is reflected back to the user without proper sanitization, executing in the context of the victim's browser.
Impact
Successful exploitation enables the attacker to inject malicious scripts, including redirects, advertisements, and other HTML payloads [1]. This can lead to compromised site integrity, phishing attacks, or unauthorized actions performed on behalf of the victim.
Mitigation
Users should update the plugin to a patched version if available. Until then, applying a Web Application Firewall rule, such as those provided by Patchstack, can block exploit attempts [1]. The vulnerability is predicted to be actively exploited in mass campaigns.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.1
Patches
No patches discovered yet.
References
1
News mentions
No linked articles in our index yet.