CVE-2026-4429 OSM <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markername' and 'filecolorlist' shortcode attribute of the osmmapv3 shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and output escaping. This mak...

CVE-2026-2580

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2026-25323

CVE-2026-25323 affects WordPress OSM plugin versions

WordPress plugin OSM 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2025-13196

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied...

EUVD-2025-197969

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied...

CVE-2025-13196

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied...

CVE-2025-13196 Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied...

CVE-2025-13196 Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied...

CVE-2025-13196

CVE-2025-13196 (Element Pack Addons for Elementor, WordPress) The vulnerability is a Stored Cross-Site Scripting flaw in the Open Street Map widget’s marker content parameter, affecting all versions up to 8.3.4. Authentication is required (contributors or higher) to inject scripts that execute fo...

WordPress Element Pack Addons for Elementor plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Open Street Map widget vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 8.3.4...

WordPress plugin Element Pack Addons for Elementor 跨站脚本漏洞

WordPress Element Pack Addons for Elementor plugin is an extension plugin designed for Elementor page builder that provides rich feature modules and templates for creating professional web designs. The WordPress Element Pack Addons for Elementor plugin suffers from a cross-site scripting...

PT-2025-47287

Name of the Vulnerable Software and Affected Versions Element Pack Addons for Elementor plugin for WordPress versions up to and including 8.3.4 Description The Element Pack Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Open Street Map widget’s...

EUVD-2023-49937

Malicious code in bioql PyPI...

CVE-2025-9123 CBX Map for Google Map & OpenStreetMap <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The CBX Map for Google Map & OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup heading and location address parameters in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-8619 OSM Map Widget for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL

The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map Block URL in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8100 Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content

The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markercontent' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVE-2024-30450

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Step-Byte-Service GmbH OpenStreetMap for Gutenberg and WPBakery Page Builder formerly Visual Composer allows Stored XSS.This issue affects OpenStreetMap for Gutenberg and WPBakery Page Builder...

CVE-2023-45645

Cross-Site Request Forgery CSRF vulnerability in InfoD74 WP Open Street Map plugin = 1.25 versions...

WordPress OSM plugin <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via osmmap and osmmapv3 Shortcodes vulnerability discovered by Peter Thaleikis in WordPress Plugin OSM versions = 6.1.0...