CVE-2026-33559

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.4 / 10

Vector String

                                        CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N                                    

Vulnerability Description

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user accesses this page, the script may be executed in the user's web browser.

Vulnerability Details

Published Date

March 27, 2026

Last Modified

March 30, 2026

CWE ID

CWE-79

Source

NVD

Vendor

MiKa

Product

OpenStreetMap

External References

https://jvn.jp/en/jp/JVN48058823/
https://wordpress.org/plugins/osm/

CVE-2026-33559

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment