Skip to main content

Dylan Kuhn Geo Mashup CVE-2026-42734

| EUVDEUVD-2026-32179 HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-05-27 audit@patchstack.com GHSA-jh8h-gfc6-89v8
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
Analysis Generated
May 27, 2026 - 20:50 vuln.today

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Reflected XSS.This issue affects Geo Mashup: from n/a through <= 1.13.19.

AnalysisAI

Reflected cross-site scripting in the Geo Mashup WordPress plugin (Dylan Kuhn) affects all versions up to and including 1.13.19, letting an unauthenticated attacker inject script that executes in a victim's browser when they click a crafted link. The CVSS 3.1 base score is 7.1 with a changed scope, reflecting that injected script can affect resources beyond the vulnerable component, though confidentiality, integrity, and availability impacts are each rated low. EPSS is very low (0.03%, 10th percentile) and there is no public exploit identified at time of analysis.

Share

CVE-2026-42734 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy