cleantalk
Vulnerabilities and Security Researches

OSM – OpenStreetMap, CVE-2026-33559

CVE, Research URL

CVE-2026-33559

Home page URL

Security reports for OSM – OpenStreetMap

Application

OSM – OpenStreetMap

Published on
Mar 27, 2026
Research Description
WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user accesses this page, the script may be executed in the user's web browser.
Affected versions
max 6.1.15.
Status
vulnerable
Previous vulnerability researches
FooGallery Captions (CVE-2025-23889) , Jan 25, 2025
New vulnerability
Classified Listing – Classified ads & Business Directory Plugin (CVE-2026-23546) , Mar 30, 2026
Remoji – Post/Comment Reaction and Enhancement (CVE-2026-25452) , Mar 30, 2026
Spa and Salon (CVE-2026-25374) , Mar 30, 2026
Poll | Vote | Contest – Best Poll Plugin for WordPress (CVE-2026-27044) , Mar 30, 2026
Podlove Web Player (CVE-2026-24385) , Mar 30, 2026