A vulnerability was found in flippercode WP Maps Plugin up to 4.9.4 on WordPress. It has been rated as problematic . This affects an unknown function. The manipulation of the argument location_messages leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-9594 . The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.