CVE-2025-9352 identifies a stored cross-site scripting vulnerability in the Pronamic Google Maps plugin for WordPress, present in all versions up to and including 2.4.1. The vulnerability stems from improper neutralization of input (CWE-79) in the description field, where user-supplied content is insufficiently sanitized and output escaped before rendering on web pages. This flaw allows authenticated users with Contributor-level privileges or higher to inject arbitrary JavaScript code that is stored persistently and executed in the browsers of any users who visit the compromised pages. Because the vulnerability requires only contributor-level access, it poses a risk in environments where multiple users have content creation permissions. The attack vector is network-based with low attack complexity and no user interaction required beyond page access. The vulnerability impacts confidentiality and integrity by enabling theft of session cookies, defacement, or redirection attacks, but does not affect availability. The CVSS 3.1 base score is 5.4, reflecting these factors. No patches were linked at the time of publication, and no known exploits have been reported in the wild. The vulnerability was assigned by Wordfence and published on August 28, 2025.

This vulnerability can lead to unauthorized script execution in the context of affected WordPress sites using the Pronamic Google Maps plugin. Potential impacts include theft of user session tokens, enabling account takeover; defacement of website content; redirection to malicious sites; and distribution of malware. Since the exploit requires only contributor-level access, attackers who gain such privileges—either through compromised accounts or social engineering—can leverage this flaw to escalate their impact. The vulnerability undermines user trust and can damage organizational reputation. For organizations relying on this plugin, especially those with multiple content contributors or public-facing sites, the risk of persistent XSS attacks is significant. However, the lack of known exploits in the wild and the medium CVSS score suggest the threat is moderate but warrants prompt remediation to prevent exploitation.

Organizations should immediately upgrade the Pronamic Google Maps plugin to a fixed version once available. Until a patch is released, administrators should restrict contributor-level permissions to trusted users only and audit existing users for unnecessary privileges. Implementing a Web Application Firewall (WAF) with rules to detect and block suspicious script injection attempts in plugin-related inputs can provide interim protection. Additionally, site owners should enforce Content Security Policy (CSP) headers to limit the execution of unauthorized scripts. Regularly scanning the website for injected scripts and monitoring logs for unusual activity can help detect exploitation attempts early. Developers should also review and harden input validation and output encoding in all plugin fields. Finally, educating contributors about safe content practices reduces the risk of accidental injection.