Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Reflected XSS.This issue affects Geo Mashup: from n/a through <= 1.13.19.
AnalysisAI
Reflected cross-site scripting in the Geo Mashup WordPress plugin (Dylan Kuhn) affects all versions up to and including 1.13.19, letting an unauthenticated attacker inject script that executes in a victim's browser when they click a crafted link. The CVSS 3.1 base score is 7.1 with a changed scope, reflecting that injected script can affect resources beyond the vulnerable component, though confidentiality, integrity, and availability impacts are each rated low. EPSS is very low (0.03%, 10th percentile) and there is no public exploit identified at time of analysis.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32179
GHSA-jh8h-gfc6-89v8