CVE-2026-33559

Description

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user accesses this page, the script may be executed in the user's web browser.

References

• https://jvn.jp/en/jp/JVN48058823/
• https://wordpress.org/plugins/osm/