CVE-2025-39465: 
WordPress vulnerability analysis and mitigation

The wp-google-map-gold WordPress plugin contains a missing authorization vulnerability (CVE-2025-39465) that affects all versions up to and including 5.8.4. This security flaw was discovered and disclosed on April 17, 2025, impacting the Advanced Google Maps plugin developed by flippercode (Rapid7, Patchstack).

The vulnerability stems from a missing capability check on a function, which allows authenticated users with Subscriber-level access and above to perform unauthorized actions. The issue has been assigned a CVSS score of 4.3, indicating a moderate severity level. The security flaw is classified as a Broken Access Control vulnerability, which occurs due to missing authorization, authentication, or nonce token checks in a function that could enable unprivileged users to execute higher privileged actions (Patchstack, Rapid7).

The vulnerability allows authenticated attackers with Subscriber-level access to perform unauthorized actions within the plugin's functionality. This broken access control issue could potentially lead to privilege escalation scenarios where lower-privileged users can execute actions intended for higher-privileged users (Patchstack).

The vulnerability has been patched in version 5.8.5 of the wp-google-map-gold plugin. Users are advised to update to version 5.8.5 or later to remediate the security issue. Website administrators can also enable auto-updates for vulnerable plugins if they are using Patchstack security solutions (Patchstack).