CVE-2025-11999

MEDIUM

WordPress Add Multiple Marker <1.2 - Info Disclosure

Title source: llm

Description

The Add Multiple Marker plugin for WordPress is vulnerable to unauthorized modification of data to due to a missing capability check on the addmultiplemarker_reset_map() and amm_save_map_api() functions in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to update the map API and reset maps.

References (4)

Core 4

Core References

https://plugins.trac.wordpress.org/changeset/3433258/

Product

https://plugins.trac.wordpress.org/browser/add-multiple-marker/tags/1.2/functions.php

Various Sources

https://tinyurl.com/2bcmmpxb

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/f4f1467d-1f66-4e99-af44-9329cfe1efac?source=cve

Scores

CVSS v3 5.3

EPSS 0.0024

EPSS Percentile 14.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (2)

krishaweb/Add Multiple Marker < 1.2

krishaweb/Multi Location Marker < 1.2

Published Nov 11, 2025

Tracked Since Feb 18, 2026