CVE-2025-48078: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress plugin Norbert Slick Google Map (slick-google-map) that allows for Stored XSS attacks. The vulnerability affects all versions of Slick Google Map through version 0.3. This security issue was initially reported on October 13, 2025, and was assigned the identifier CVE-2025-48078 (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery). The attack requires no privileges and can be executed by an unauthenticated user (NVD, Patchstack).

The vulnerability allows malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The combination of CSRF with Stored XSS capabilities makes this vulnerability particularly concerning as it could lead to complete compromise of the affected system's confidentiality, integrity, and availability (Patchstack).

Currently, there is no official fix available for this vulnerability. While Patchstack has classified this as a low-priority issue that is unlikely to be exploited, website administrators running affected versions should consider implementing general CSRF protection measures or removing the plugin until a patch is available (Patchstack).