CVE-2025-11999
📋 TL;DR
The Add Multiple Marker WordPress plugin has missing capability checks in two functions, allowing unauthenticated attackers to reset maps and update map API settings. This affects all WordPress sites using plugin versions 1.2 and earlier. Attackers can modify map configurations without authentication.
💻 Affected Systems
- WordPress Add Multiple Marker plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could replace legitimate map APIs with malicious ones, redirecting users to phishing sites or injecting malicious content through compromised map services.
Likely Case
Attackers reset maps to default settings or change API keys, disrupting map functionality and potentially causing service interruptions.
If Mitigated
With proper WordPress hardening and network controls, impact is limited to map functionality disruption without broader system compromise.
🎯 Exploit Status
Simple HTTP POST requests to vulnerable endpoints. No authentication required. Attack tools likely exist in WordPress exploitation frameworks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/add-multiple-marker/tags/1.3/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Add Multiple Marker' plugin. 4. Click 'Update Now' if update available. 5. If no update, deactivate and delete plugin, then install fresh version 1.3+ from WordPress repository.
🔧 Temporary Workarounds
Temporary endpoint blocking
allBlock access to vulnerable plugin endpoints via web server configuration or WAF
# Apache: RewriteRule ^/wp-content/plugins/add-multiple-marker/.*\.php$ - [F,L]
# Nginx: location ~ /wp-content/plugins/add-multiple-marker/.*\.php$ { deny all; }
🧯 If You Can't Patch
- Deactivate the Add Multiple Marker plugin immediately
- Implement web application firewall rules to block POST requests to addmultiplemarker_reset_map and amm_save_map_api endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Add Multiple Marker' version. If version is 1.2 or lower, system is vulnerable.Check Version:
# From WordPress root: grep -r "Version:" wp-content/plugins/add-multiple-marker/*.php | head -1Verify Fix Applied:
After update, verify plugin version shows 1.3 or higher in WordPress admin panel. Test that map API settings cannot be modified by unauthenticated users.📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-content/plugins/add-multiple-marker/functions.php with parameters 'action=addmultiplemarker_reset_map' or 'action=amm_save_map_api'
- Unusual map API configuration changes in WordPress database
Network Indicators:
- HTTP POST requests to plugin PHP files from unauthenticated sources
- Unusual outbound connections to new map API domains
SIEM Query:
source="web_logs" AND (uri_path="*add-multiple-marker*" AND http_method="POST" AND (form_data="*addmultiplemarker_reset_map*" OR form_data="*amm_save_map_api*"))