MEDIUM
MiKa
CVE published 2026-03-27
CVE-2026-33559
A stored cross-site scripting (XSS) vulnerability exists in the WordPress OpenStreetMap plugin by MiKa. The flaw allows authenticated users with page creation or editing privileges to embed malicious scripts via crafted HTTP requests. When victim users access the compromised page, the injected script executes in their browser context. The vulnerability carries a CVSS 4.0 score of 5.1 (MEDIUM severity) and [truncated]