
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-32138 is an XML External Entity (XXE) vulnerability discovered in the Easy Google Maps WordPress plugin, affecting versions up to and including 1.11.17. The vulnerability was publicly disclosed on April 4, 2025, and allows XML injection through improper restriction of XML external entity references (NVD, Patchstack).
The vulnerability is classified as CWE-611 (Improper Restriction of XML External Entity Reference). It received a CVSS v3.1 base score of 6.6 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L. The vulnerability requires author-level access or higher privileges to exploit (WPScan, Patchstack).
The XXE vulnerability could potentially allow authenticated attackers to perform XML injection, which may lead to information disclosure, denial of service, and server-side request forgery. The impact is considered medium severity due to the requirement of authenticated access (Patchstack).
Currently, there is no official fix available for this vulnerability. The latest affected version is 1.11.17, and users are advised to implement proper XML parsing controls and restrict access to the affected functionality (Patchstack).
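As an illustration of the "proper XML parsing controls" mentioned above, here is an added example in PHP (the language WordPress plugins are written in). It is not code from the Easy Google Maps plugin; the function name `parse_untrusted_xml` and the sample documents are hypothetical and constructed for this example.

```php
<?php
// Added example: hypothetical helper, not code from the Easy Google Maps plugin.

/**
 * Parse untrusted XML without resolving external entities (CWE-611).
 * Returns a DOMDocument, or throws if the input is malformed or carries a DTD.
 */
function parse_untrusted_xml(string $xml): DOMDocument
{
    if (trim($xml) === '') {
        throw new InvalidArgumentException('Empty XML input');
    }

    $previous = libxml_use_internal_errors(true); // keep parser errors out of the response
    $doc = new DOMDocument();

    // LIBXML_NONET blocks network fetches during parsing. LIBXML_NOENT and
    // LIBXML_DTDLOAD are deliberately NOT passed: they enable entity
    // substitution and external DTD loading.
    $ok = $doc->loadXML($xml, LIBXML_NONET);

    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    if (!$ok) {
        throw new InvalidArgumentException('Malformed XML');
    }

    // Reject any document that declares a DOCTYPE, since entity declarations live there.
    foreach ($doc->childNodes as $node) {
        if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
            throw new InvalidArgumentException('DOCTYPE declarations are not accepted');
        }
    }
    return $doc;
}

// Constructed sample inputs: one plain document, one declaring an external entity.
$samples = [
    'plain'   => '<markers><marker lat="1.0" lng="2.0"/></markers>',
    'doctype' => '<!DOCTYPE m [<!ENTITY x SYSTEM "file:///constructed/placeholder">]><m>&x;</m>',
];
foreach ($samples as $name => $xml) {
    try {
        parse_untrusted_xml($xml);
        echo "$name: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```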
Source: This report was generated using AI