Deze pagina is nog niet vertaald naar uw taal. We werken eraan — de inhoud wordt voorlopig in het Engels weergegeven.
💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.
CVE-2025-15345: XSS in MapGeo – Interactive Geo Maps
Platform
wordpress
Component
interactive-geo-maps
Opgelost in
1.6.28
CVE-2025-15345 identifies a Reflected Cross-Site Scripting (XSS) vulnerability affecting the MapGeo – Interactive Geo Maps plugin for WordPress. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages. The issue impacts versions 1.0.0 through 1.6.27, and a patch is available in version 1.6.28.
Detecteer deze CVE in je project
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Impact en Aanvalsscenarioswordt vertaald…
Successful exploitation of CVE-2025-15345 allows an attacker to execute malicious JavaScript code within the context of a user's browser. This can lead to various consequences, including session hijacking, credential theft, and defacement of the affected WordPress site. Attackers could craft malicious links containing the injected script and trick users into clicking them, leading to the execution of the attacker's code. The impact is amplified if the website handles sensitive user data or financial transactions, as attackers could potentially steal this information. This vulnerability shares similarities with other XSS vulnerabilities where user input is not properly sanitized before being displayed, leading to code injection.
Uitbuitingscontextwordt vertaald…
CVE-2025-15345 was published on 2026-05-14. Its severity is currently assessed as Medium (CVSS 6.1). No public Proof-of-Concept (POC) exploits have been publicly disclosed at the time of writing, but the vulnerability's nature makes it likely that such exploits will emerge. There are no indications of active exploitation campaigns targeting this vulnerability at this time. Refer to the WordPress security advisory for further details.
Dreigingsinformatie
Exploit Status
CISA SSVC
CVSS-vector
Wat betekenen deze metrics?
- Attack Vector
- Netwerk — op afstand uitbuitbaar via internet. Geen fysieke of lokale toegang vereist.
- Attack Complexity
- Laag — geen speciale voorwaarden vereist. Betrouwbaar uitbuitbaar.
- Privileges Required
- Geen — geen authenticatie vereist om te exploiteren.
- User Interaction
- Vereist — slachtoffer moet een bestand openen, op een link klikken of een pagina bezoeken.
- Scope
- Gewijzigd — aanval kan voorbij het kwetsbare component uitbreiden naar andere systemen.
- Confidentiality
- Laag — gedeeltelijke toegang tot enkele gegevens.
- Integrity
- Laag — aanvaller kan enkele gegevens met beperkte omvang aanpassen.
- Availability
- Geen — geen beschikbaarheidsimpact.
Getroffen Software
Zwakheidsclassificatie (CWE)
Tijdlijn
- Gereserveerd
- Gepubliceerd
Mitigatie en Workaroundswordt vertaald…
The primary mitigation for CVE-2025-15345 is to immediately upgrade the MapGeo – Interactive Geo Maps plugin to version 1.6.28 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to filter requests containing suspicious characters in the 'map' parameter. Additionally, carefully review any user input used in the display-map shortcode and ensure proper input sanitization and output escaping are implemented. Regularly scan your WordPress installation for vulnerable plugins using security scanning tools.
Hoe te verhelpen
Update naar versie 1.6.28, of een nieuwere gepatchte versie
Veelgestelde vragenwordt vertaald…
What is CVE-2025-15345 — XSS in MapGeo – Interactive Geo Maps?
CVE-2025-15345 is a Reflected Cross-Site Scripting (XSS) vulnerability in the MapGeo WordPress plugin, allowing attackers to inject malicious scripts via the 'map' parameter. It affects versions 1.0.0 through 1.6.27.
Am I affected by CVE-2025-15345 in MapGeo – Interactive Geo Maps?
You are affected if you are using the MapGeo plugin in WordPress versions 1.0.0 to 1.6.27. Check your plugin version immediately and upgrade if necessary.
How do I fix CVE-2025-15345 in MapGeo – Interactive Geo Maps?
Upgrade the MapGeo plugin to version 1.6.28 or later to resolve the vulnerability. Consider implementing a WAF rule as a temporary mitigation if immediate upgrade is not possible.
Is CVE-2025-15345 being actively exploited?
There are currently no public reports of active exploitation campaigns targeting CVE-2025-15345, but the vulnerability's nature makes it a potential target.
Where can I find the official MapGeo advisory for CVE-2025-15345?
Refer to the WordPress security advisory and the MapGeo plugin's official website for the latest information and updates regarding CVE-2025-15345.
Is jouw project getroffen?
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Detecteer deze CVE in je project
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Scan nu uw WordPress project — geen account
Upload een manifest (composer.lock, package-lock.json, WordPress pluginlijst…) of plak uw componentenlijst. U ontvangt direct een kwetsbaarheidsrapport. Een bestand uploaden is slechts het begin: met een account krijgt u continue monitoring, Slack/e-mail alerts, multi-project en white-label rapporten.
Sleep uw afhankelijkheidsbestand hierheen
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...