40 matches found
CVE-2025-6572
CVE-2025-6572 affects the WordPress plugin OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) up to and including version 1.2.0. The issue is that the plugin does not validate and escape certain block options before outputting them in a page/post where the block is e...
CVE-2024-8991
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osmmap and osmmapv3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11827
The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootbquery shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-31557
CVE-2025-31557 (OSM – OpenStreetMap) is an authenticated stored cross-site scripting vulnerability in the OSM WordPress plugin, affecting OpenStreetMap versions up to 6.1.6. The EU/ENISA entry confirms the issue as Stored XSS and indicates Patch/Remediation status as Unpatched in public advisorie...
CVE-2024-11827
The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootbquery shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11827 Out of the Block: OpenStreetMap <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via ootb_query Shortcode
The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootbquery shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11827 Out of the Block: OpenStreetMap <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via ootb_query Shortcode
The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootbquery shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11827
CVE-2024-11827 affects the OpenStreetMap plugin for WordPress (Out of the Block). The vulnerability is a Stored Cross‑Site Scripting in the ootb_query shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes, exploitable by authenticated users with contr...
PT-2024-17277
Name of the Vulnerable Software and Affected Versions The Out of the Block: OpenStreetMap plugin for WordPress versions up to, and including, 2.8.3 Description The issue is related to Stored Cross-Site Scripting via the plugin's ootb query shortcode due to insufficient input sanitization and outp...
CVE-2024-8991
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osmmap and osmmapv3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-3604
The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'taggedfilter' attribute of the 'osmmapv3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-3603
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osmmap' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible...
WordPress OSM – OpenStreetMap plugin <= 6.0.3 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin OSM versions = 6.0.3...
WordPress plugin OSM - OpenStreetMap Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin OpenStreetMap for...
CVE-2022-30544
Cross-Site Request Forgery CSRF in MiKa's OSM – OpenStreetMap plugin = 6.0.1 versions...
CVE-2022-30544
Cross-Site Request Forgery CSRF in MiKa's OSM – OpenStreetMap plugin = 6.0.1 versions...
CVE-2022-30544
Cross-Site Request Forgery CSRF in MiKa's OSM – OpenStreetMap plugin = 6.0.1 versions...
CVE-2022-30544 WordPress OSM – OpenStreetMap Plugin <= 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF in MiKa's OSM – OpenStreetMap plugin = 6.0.1 versions...
PT-2023-13013 · Unknown · Mika'S Osm – Openstreetmap Plugin
Name of the Vulnerable Software and Affected Versions: MiKa's OSM – OpenStreetMap plugin versions = 6.0.1 Description: The issue is related to Cross-Site Request Forgery CSRF in the plugin. This means an attacker could potentially trick a user into performing unintended actions on the application...