WordPress OSM – OpenStreetMap Plugin <= 6.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: OSM – OpenStreetMap | Type: Plugin | Vulnerable versions: <= 6.1.0 | Fixed in: 6.1.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-8991 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: 602fbf695703 | Credits: Peter Thaleikis...
WordPress plugin OSM – OpenStreetMap Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2024-3604
The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-3603
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible...
CVE-2024-3603
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible...
CVE-2024-3604 OSM – OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) SQL Injection
The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-3604
CVE-2024-3604 affects the OSM – OpenStreetMap WordPress plugin. The Red Hat advisory confirms an authenticated SQL Injection via the 'tagged_filter' parameter of the 'osm_map_v3' shortcode, affecting all versions up to 6.0.2. The vulnerability arises from insufficient escaping of user input and l...
CVE-2024-3603 OSM – OpenStreetMap <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible...
CVE-2024-3603
CVE-2024-3603 affects the OSM – OpenStreetMap WordPress plugin. All versions up to 6.0.2 are vulnerable to a Stored XSS via the plugin’s osm_map shortcode due to insufficient input sanitization and output escaping for attributes (e.g., theme). Exploitation requires contributor-level access or hig...
CVE-2024-3603 OSM – OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible...
WordPress OSM – OpenStreetMap plugin <= 6.0.3 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated (Contributor+) SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin OSM (versions <= 6.0.3)...
WordPress plugin OSM - OpenStreetMap Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-26854 · WordPress · Osm – Openstreetmap
Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.0.2. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode due to insufficient input sanitization and output escaping on...
WordPress plugin OSM - OpenStreetMap Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress OSM – OpenStreetMap Plugin <= 6.0.3 is vulnerable to SQL Injection
Software: OSM – OpenStreetMap | Type: Plugin | Vulnerable versions: <= 6.0.3 | Fixed in: 6.0.4 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-3604 | Patch priority: Low | CVSS severity: Low (8.5) | PSID: c1b5cb216f5c | Credits: Krzysztof Zając | Required privilege: Contributor...
WordPress OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) plugin <= 1.1.2 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) (versions <= 1.1.2)...
WordPress OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) Plugin <= 1.1.2 is vulnerable to Backdoor
Software: OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) | Type: Plugin | Vulnerable versions: <= 1.1.2 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Backdoor | CVE: N/A | Patch priority: Low | CVSS severity: Low (5.3) | PSID: 2c4a57caa5d5 | Credits...
OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) < 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-30450
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Step-Byte-Service GmbH OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) allows Stored XSS. This issue affects OpenStreetMap for Gutenberg and WPBakery Page Builder...