CVE-2025-13850: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ladislavsoukupgmailcom LS Google Map Router
The LS Google Map Router plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'map_type' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-13850 is a stored Cross-Site Scripting (XSS) vulnerability identified in the LS Google Map Router plugin for WordPress, affecting all versions up to and including 1.1.0. The vulnerability stems from insufficient sanitization and escaping of user input in the 'map_type' parameter during web page generation. An attacker with authenticated Contributor-level access or higher can inject arbitrary JavaScript code into pages using this parameter. When other users access these pages, the injected scripts execute in their browsers, potentially compromising session tokens, redirecting users, or performing actions on behalf of the victim. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS 3.1 base score is 6.4, reflecting a medium severity with network attack vector, low attack complexity, requiring privileges (PR:L), no user interaction, and a scope change. Although no known exploits are currently in the wild, the vulnerability poses a significant risk to WordPress sites using this plugin, especially those allowing multiple contributors. The lack of available patches at the time of reporting necessitates immediate attention to mitigate risk. The vulnerability's exploitation can lead to partial confidentiality and integrity loss but does not affect availability. Given WordPress's popularity in Europe, this vulnerability could impact many organizations relying on this plugin for map routing functionality.
Potential Impact
For European organizations, the exploitation of CVE-2025-13850 could lead to unauthorized script execution within their WordPress sites, potentially resulting in session hijacking, data theft, defacement, or unauthorized actions performed on behalf of legitimate users. This can damage organizational reputation, lead to data breaches involving user information, and disrupt business operations relying on web presence. Since the vulnerability requires authenticated Contributor-level access, insider threats or compromised accounts pose a significant risk. Organizations with collaborative content management environments are particularly vulnerable. The medium severity score indicates moderate risk; however, the scope change means that the vulnerability can affect components beyond the initial vulnerable plugin, potentially impacting other site functionalities. Given the widespread use of WordPress in Europe, especially among SMEs and public sector websites, the threat could have broad implications if exploited at scale. The absence of known exploits currently provides a window for proactive mitigation, but the risk remains significant due to the ease of exploitation once access is obtained.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the presence of the LS Google Map Router plugin and verify its version. Since no official patches are currently available, organizations should consider temporarily disabling or removing the plugin to eliminate the attack vector. Restrict Contributor-level access strictly to trusted users and enforce strong authentication mechanisms, including multi-factor authentication, to reduce the risk of account compromise. Implement Web Application Firewalls (WAFs) with custom rules to detect and block malicious payloads targeting the 'map_type' parameter. Regularly monitor logs for suspicious activities related to plugin usage and user input. Educate content contributors about the risks of injecting untrusted content and enforce strict content validation policies. Once a patch is released, prioritize immediate deployment. Additionally, consider employing Content Security Policy (CSP) headers to limit the impact of potential script injections. Conduct periodic security assessments and vulnerability scans focusing on WordPress plugins to detect similar issues proactively.
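The allowlist check behind the WAF-rule and log-monitoring recommendations above can be sketched as follows. This is an added example, not code from the plugin or from the advisory. It assumes that 'map_type' appears in stored content or request logs as a `map_type=...` attribute or parameter, and that the only legitimate values are the four standard Google Maps type names; the shortcode name `example_map` and all sample records are constructed placeholders.

```python
import html
import re
from urllib.parse import unquote_plus

# Assumption: the plugin only needs the standard Google Maps map type names.
ALLOWED_MAP_TYPES = {"roadmap", "satellite", "hybrid", "terrain"}

# Matches map_type as a quoted attribute (map_type="..." / map_type='...')
# or as an unquoted / query-string value (up to whitespace, '&' or ']').
MAP_TYPE_RE = re.compile(
    r"""\bmap_type\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s&\]]*))""",
    re.IGNORECASE,
)


def normalize(value):
    """Undo URL and HTML-entity encoding so encoded markup cannot hide."""
    previous = None
    while value != previous:  # repeat until stable to catch double encoding
        previous = value
        value = html.unescape(unquote_plus(value))
    return value.strip().lower()


def find_suspicious_map_types(records):
    """Return (record_id, raw_value) for every map_type outside the allowlist.

    records: iterable of (record_id, text) pairs, e.g. post rows or log lines.
    """
    findings = []
    for record_id, text in records:
        for match in MAP_TYPE_RE.finditer(text):
            raw = next(g for g in match.groups() if g is not None)
            if normalize(raw) not in ALLOWED_MAP_TYPES:
                findings.append((record_id, raw))
    return findings


# Constructed sample data (not from the advisory); shortcode name is a placeholder.
SAMPLE_RECORDS = [
    (101, '[example_map map_type="roadmap" zoom="12"]'),
    (102, "[example_map map_type='Satellite']"),
    (103, '[example_map map_type=\'hybrid"><b>x</b>\']'),
    (104, "POST /wp-admin/post.php map_type=terrain%22%3E%3Cb%3Ex&zoom=3"),
]

if __name__ == "__main__":
    for record_id, raw in find_suspicious_map_types(SAMPLE_RECORDS):
        print(f"record {record_id}: unexpected map_type value {raw!r}")
```

Matching against a fixed allowlist rather than searching for known-bad strings means any value carrying markup is flagged regardless of how it is encoded; the same allowlist, combined with output escaping, is what a plugin-side fix would enforce.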
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-12-01T19:55:39.821Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 693b9183650da22753edbb41
Added to database: 12/12/2025, 3:52:35 AM
Last enriched: 12/12/2025, 4:11:28 AM
Last updated: 12/15/2025, 4:15:02 AM