CVE-2025-11999

EUVD-2025-60924
The Add Multiple Marker plugin for WordPress is vulnerable to unauthorized modification of data to due to a missing capability check on the addmultiplemarker_reset_map() and amm_save_map_api() functions in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to update the map API and reset maps.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
WordfenceCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
krishawebadd_multiple_marker
𝑥
≤ 1.2
CNA
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/browser/add-multiple-marker/tags/1.2/functions.php
https://tinyurl.com/2bcmmpxb
https://www.wordfence.com/threat-intel/vulnerabilities/id/f4f1467d-1f66-4e99-af44-9329cfe1efac?source=cve