A vulnerability classified as problematic was found in onthemapmarketing Accessibly Plugin up to 3.0.3 on WordPress. The impacted element is the function updateWidgetOptions of the file /otm-ac/v1/update-widget-options of the component REST API Endpoint . The manipulation of the argument widgetSrc results in cross site scripting. This vulnerability is reported as CVE-2026-3643 . The attack can be launched remotely. No exploit exists.