CVE-2025-11813 identifies a stored Cross-Site Scripting (XSS) vulnerability in the Responsive iframe GoogleMap plugin for WordPress, versions up to and including 1.0.2. The vulnerability arises from improper neutralization of input (CWE-79) during web page generation, specifically due to insufficient sanitization and output escaping of the 'width' and 'height' attributes within the 'responsive_map' shortcode. Authenticated attackers with contributor-level access or higher can exploit this flaw by injecting arbitrary JavaScript code into these attributes. Because the injection is stored, the malicious script executes every time any user accesses the affected page, potentially compromising user sessions, stealing cookies, or performing unauthorized actions on behalf of users. The vulnerability has a CVSS 3.1 base score of 6.4, reflecting medium severity, with an attack vector of network (remote), low attack complexity, and requiring privileges (PR:L) but no user interaction. The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. No patches or fixes are currently linked, and no known exploits have been reported in the wild. The vulnerability is particularly concerning for WordPress sites that assign contributor or higher roles broadly, as these users can inject malicious content that affects all visitors. The plugin’s widespread use in embedding Google Maps via iframes in WordPress pages increases the attack surface. The flaw highlights the importance of rigorous input validation and output encoding in web plugins to prevent stored XSS attacks.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of user data on WordPress sites utilizing the Responsive iframe GoogleMap plugin. Attackers with contributor-level access can inject persistent malicious scripts, potentially leading to session hijacking, credential theft, defacement, or unauthorized actions performed in the context of legitimate users. This can damage organizational reputation, lead to data breaches, and cause compliance violations under GDPR due to unauthorized data exposure. The vulnerability does not impact availability directly but can indirectly affect service trustworthiness. Organizations with collaborative content management workflows that assign contributor roles to multiple users are at higher risk. Since WordPress powers a substantial portion of European websites, especially in sectors like media, education, and small to medium enterprises, the potential impact is broad. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as exploit code could be developed. Attackers may also use this vulnerability as a foothold for further attacks within the network or to spread malware to site visitors.

European organizations should take immediate steps to mitigate this vulnerability beyond generic patching advice. First, restrict contributor-level access strictly to trusted users and review user roles to minimize unnecessary privileges. Implement Web Application Firewall (WAF) rules that detect and block suspicious shortcode parameters, especially unusual values in 'width' and 'height' attributes. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected sites. Conduct thorough code reviews and sanitize all user inputs in shortcodes, applying strict whitelist validation for numeric attributes like width and height. Monitor site content for unexpected script injections or anomalies in shortcode usage. If possible, disable or replace the Responsive iframe GoogleMap plugin with a secure alternative until a patch is released. Regularly audit WordPress plugins for updates and security advisories. Educate content contributors about the risks of injecting untrusted content and enforce secure content management policies. Finally, maintain comprehensive logging and alerting to detect exploitation attempts promptly.