WordPress OSM plugin <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'markername' Shortcode Attribute vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin OSM versions = 6.1.15...

EUVD-2026-20837

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markername' and 'filecolorlist' shortcode attribute of the osmmapv3 shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and output escaping. This mak...

CVE-2026-4429 OSM <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markername' and 'filecolorlist' shortcode attribute of the osmmapv3 shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and output escaping. This mak...

CVE-2026-4429

CVE-2026-4429 concerns the WordPress plugin OSM – OpenStreetMap (vulnerable up to 6.1.15). The flaw is a Stored Cross‑Site Scripting via the [osm_map_v3] shortcode attributes, specifically marker_name and file_color_list , due to insufficient input sanitization and output escaping. With authentic...

PT-2026-31570

Name of the Vulnerable Software and Affected Versions OSM – OpenStreetMap plugin for WordPress versions up to and including 6.1.15 Description The OSM – OpenStreetMap plugin for WordPress is susceptible to Stored Cross-Site Scripting through the marker name and file color list shortcode attribute...

WordPress plugin OSM – OpenStreetMap 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-33559

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user...

WordPress Plugin "OpenStreetMap" vulnerable to cross-site scripting

Overview WordPress Plugin "OpenStreetMap" provided by MiKa contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-33559 Naoya Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact O...

EUVD-2026-16553

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user...

CVE-2026-33559

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user...

CVE-2026-33559

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user...

CVE-2026-33559

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user...

CVE-2026-33559

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user...

CVE-2026-33559

The CVE-2026-33559 entry concerns the WordPress OpenStreetMap plugin (MiKa). A cross-site scripting vulnerability exists in an affected plugin version where a logged-in user with page-creating/editing privileges can embed malicious script via a crafted HTTP request. When another user accesses the...

PT-2026-28495

Name of the Vulnerable Software and Affected Versions WordPress Plugin OpenStreetMap versions affected versions not specified Description The OpenStreetMap WordPress plugin by MiKa has a cross-site scripting issue. A user logged in with page creation or editing rights can inject malicious script...

WordPress plugin OpenStreetMap 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

@hotosm/id (>=2.18.1 <=2.34.0), @janefeel/id (>=2.35.0-dev <=2.35.23) +6 more potentially affected by CVE-2026-27210 via pannellum (=2.5.6)

pannellum NPM version =2.5.6 is affected by a known vulnerability. The following packages have a transitive dependency on pannellum and may be impacted: - @hotosm/id =2.18.1, =2.35.0-dev, =2.35.25, =2.18.5, =2.1.0, =2.33.0, =2.33.3 Source cves: CVE-2026-27210 Source advisory:...

CVE-2026-25323

Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through = 6.1.12...

CVE-2026-25323 WordPress OSM plugin <= 6.1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through = 6.1.12...

CVE-2026-25323

Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through = 6.1.12...