CVE-2026-25323 WordPress OSM plugin <= 6.1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through = 6.1.12...

WordPress OSM plugin <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin OSM versions = 6.0.3...

WordPress OSM plugin <= 6.1.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin OSM versions = 6.1.12...

Security Bulletin:The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting, affects watsonx.data

Summary The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osmmap' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This could affe...

CVE-2025-31557 WordPress OSM plugin <= 6.1.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MiKa OSM osm allows DOM-Based XSS.This issue affects OSM: from n/a through = 6.1.13...

CVE-2024-3604

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'taggedfilter' attribute of the 'osmmapv3' shortcode in all versions up to, and including, 6.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2024-3604

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'taggedfilter' attribute of the 'osmmapv3' shortcode in all versions up to, and including, 6.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2022-4676 OSM – OpenStreetMap <= 6.01 - Contributor+ Stored XSS via Shortcode

The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

WordPress plugin OSM 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2022-30544

Cross-Site Request Forgery CSRF in MiKa's OSM – OpenStreetMap plugin = 6.0.1 versions...

PT-2023-13013 · Unknown · Mika'S Osm – Openstreetmap Plugin

Name of the Vulnerable Software and Affected Versions: MiKa's OSM – OpenStreetMap plugin versions = 6.0.1 Description: The issue is related to Cross-Site Request Forgery CSRF in the plugin. This means an attacker could potentially trick a user into performing unintended actions on the application...