CVE-2026-9594

The WP Maps plugin for WordPress (affected versions up to 4.9.4) is vulnerable to a Stored Cross-Site Scripting (XSS) via the location_messages parameter due to insufficient input sanitization and output escaping. The vulnerability requires authenticated access at administrator level or higher, w...

PT-2026-47143

Name of the Vulnerable Software and Affected Versions WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters versions prior to 4.9.5 Description The plugin is subject to Stored Cross-Site Scripting XSS, a flaw where malicious scripts are permanently stored on the...