CVE Catalog
CVE-2026-57670
HighCVSS 7.1Summary
The Google Maps CP plugin version 1.2.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. This allows a remote attacker to inject malicious script without requiring authentication.
Risk Assessment
An attacker can steal user sessions, redirect users to malicious sites, or alter website content, leading to loss of trust and potential financial damage.
Recommendation
Immediately update the Google Maps CP plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in Google Maps CP <= 1.2.5 versions.

