CVE-2025-11703
BaseFortify
Publication date: 2025-10-18
Last updated on: 2025-10-21
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | wp_go_maps | 9.0.48 |
| wordfence | wp_go_maps | 9.0.49 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-349 | The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the WP Go Maps plugin for WordPress (up to version 9.0.48) is a cache poisoning issue. The plugin relied on user input to serve cached location search results instead of using server-side cached data. This flaw allowed unauthenticated attackers to manipulate the cache for location search results, potentially injecting malicious or incorrect data into the cache. The vulnerability was fixed by introducing a server-side proxy for Nominatim geocoding requests, sanitizing inputs and outputs, and securing cache handling to prevent unauthorized cache poisoning. [3, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to poison the cache of location search results in the WP Go Maps plugin. This means attackers could inject false or malicious location data that users might see, potentially misleading users or causing incorrect map displays. Since the vulnerability does not affect confidentiality or availability, the main impact is on data integrity (incorrect or manipulated location information).
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unusual or unauthorized cache poisoning attempts targeting the WP Go Maps plugin's location search results. Since the vulnerability arises from unauthenticated attackers poisoning cache locations via user input, network or system administrators can look for suspicious HTTP requests to the vulnerable plugin endpoints, especially those that manipulate Nominatim geocoding queries. Specific commands are not provided in the resources, but general approaches include inspecting web server logs for unusual query parameters or repeated requests to the plugin's geocoding endpoints, and using tools like curl or wget to test if the server responds to crafted queries that could poison the cache. For example, one might use curl to send crafted GET requests to the plugin's Nominatim query endpoints and observe responses or cache behavior. However, no explicit commands are detailed in the provided resources. [3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the WP Go Maps plugin to version 9.0.49 or later, which includes a security patch that fixes the cache poisoning vulnerability by implementing a server-side proxy for Nominatim geocoding requests, sanitizing inputs, and securing cache handling. This update removes vulnerable endpoints and replaces them with secure implementations that prevent unauthenticated cache poisoning. Applying this update will mitigate the vulnerability effectively. Additionally, monitoring and restricting direct client-side requests to Nominatim through the plugin can help reduce exposure until the update is applied. [2, 3]