cleantalk
Vulnerabilities and Security Researches

OSM – OpenStreetMap, CVE-2026-33559

CVE, Research URL

CVE-2026-33559

Home page URL

Security reports for OSM – OpenStreetMap

Application

OSM – OpenStreetMap

Published on
Mar 27, 2026
Research Description
WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user accesses this page, the script may be executed in the user's web browser.
Affected versions
max 6.1.15.
Status
vulnerable
Previous vulnerability researches
Authors Autocomplete Meta Box (CVE-2025-25169) , Feb 17, 2025
New vulnerability
ViaBill – WooCommerce (CVE-2026-25469) , Mar 30, 2026
WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses (CVE-2026-31914) , Mar 30, 2026
YML for Yandex Market (CVE-2026-32567) , Mar 30, 2026
OVRI Payment (CVE-2024-10938) , Mar 30, 2026
Textmetrics (CVE-2026-32331) , Mar 30, 2026