CVE-2026-33559

MEDIUM CVSS 5.4 View on NVD ↗

Description

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user accesses this page, the script may be executed in the user's web browser.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

https://jvn.jp/en/jp/JVN48058823/
https://wordpress.org/plugins/osm/

Published: Mar 27, 2026 06:16 UTC Modified: Mar 27, 2026 06:16 UTC