A vulnerability was found in lucdecri Posts map Plugin up to 0.1.3 on WordPress. It has been declared as problematic . The affected element is an unknown function of the component Shortcode Handler . Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-6236 . The attack can be executed remotely. There is not any exploit available.