CVE Catalog

CVE-2026-57670

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

The Google Maps CP plugin version 1.2.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. This allows a remote attacker to inject malicious script without requiring authentication.

Risk Assessment

An attacker can steal user sessions, redirect users to malicious sites, or alter website content, leading to loss of trust and potential financial damage.

Recommendation

Immediately update the Google Maps CP plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in Google Maps CP <= 1.2.5 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS