CVE-2026-3643 | onthemapmarketing Accessibly Plugin up to 3.0.3 on WordPress REST API Endpoint update-widget-options updateWidgetOptions widgetSrc cross site scripting

Inserito da Angelo Barbosa | Apr 15, 2026 | CVE

A vulnerability classified as problematic was found in onthemapmarketing Accessibly Plugin up to 3.0.3 on WordPress. The impacted element is the function updateWidgetOptions of the file /otm-ac/v1/update-widget-options of the component REST API Endpoint. The manipulation of the argument widgetSrc results in cross site scripting.

This vulnerability is reported as CVE-2026-3643. The attack can be launched remotely. No exploit exists.

CVE-2026-3643 | onthemapmarketing Accessibly Plugin up to 3.0.3 on WordPress REST API Endpoint update-widget-options updateWidgetOptions widgetSrc cross site scripting

Post correlati

CVE-2025-3621 | ProTNS ActADUR prior 2.0.2.0 command injection

CVE-2024-41373 | ICEcoder 8.1 backup-versions-preview-loader.php path traversal

CVE-2024-1130 | NEX-Forms Plugin up to 8.5.6 on WordPress set_read authorization

CVE-2024-6127 | BC Security Empire up to 5.9.2 path traversal