The vulnerability CVE-2025-23893 affects the Manny Costales GMap Shortcode plugin (version ≤ 2.0). It is a DOM-based Cross-site Scripting (XSS) issue caused by improper neutralization of input during web page generation. The CVSS 3.1 base score is 6.5 (medium severity), with attack vector network, low attack complexity, requiring low privileges and user interaction, and impacts on confidentiality, integrity, and availability at a low level. No patch or vendor advisory is currently provided, and no known exploits have been reported.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to partial disclosure of information, modification of data, or disruption of service. However, exploitation requires user interaction and low privileges, limiting the overall impact severity to medium.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider limiting exposure by restricting access to the affected plugin or disabling it if feasible. Monitor official channels for updates or patches from the vendor.