CVE-2026-57670
Deferred Deferred - Pending Action

Unauthenticated XSS in Google Maps CP

Vulnerability report for CVE-2026-57670, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Unauthenticated Cross Site Scripting (XSS) in Google Maps CP <= 1.2.5 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-02
Last Modified
2026-07-02
Generated
2026-07-02
AI Q&A
2026-07-02
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
codepeople google_maps_cp_plugin to 1.2.5 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Unauthenticated Cross Site Scripting (XSS) issue found in the WordPress Google Maps CP Plugin versions 1.2.5 and below.

It allows attackers to inject malicious scripts into the website, which execute when visitors access the site.

Exploitation requires user interaction, such as clicking a malicious link or visiting a crafted page.

The vulnerability has a CVSS score of 7.1, indicating moderate danger and potential for widespread exploitation.

Impact Analysis

Successful exploitation of this vulnerability can lead to attackers injecting malicious scripts that may perform actions such as redirects or displaying unwanted advertisements.

This can compromise the integrity and trustworthiness of your website, potentially harming your users and your reputation.

Because the vulnerability can be exploited in mass campaigns targeting many websites, it poses a significant risk if not patched.

Detection Guidance

The vulnerability is a Cross Site Scripting (XSS) issue in the WordPress Google Maps CP Plugin versions 1.2.5 and below. Detection typically involves monitoring for suspicious script injections or unusual redirects on affected web pages.

Since the vulnerability requires user interaction such as clicking a malicious link or visiting a crafted page, network detection can include inspecting HTTP requests and responses for injected scripts or unexpected parameters.

While no specific commands are provided in the resources, common detection methods include using web vulnerability scanners that check for XSS vulnerabilities or analyzing web server logs for suspicious activity related to the plugin.

Mitigation Strategies

The immediate recommended step is to update the WordPress Google Maps CP Plugin to version 1.2.6 or later, which contains the patch for this vulnerability.

Until the update can be applied, applying the mitigation rule provided by Patchstack to block attacks targeting this vulnerability is advised.

Additionally, monitoring for suspicious activity and limiting user interactions that could trigger the vulnerability can help reduce risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57670. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart