CVE-2026-25323 WordPress OSM plugin <= 6.1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through = 6.1.12...

CVE-2025-31557

CVE-2025-31557 (OSM – OpenStreetMap) is an authenticated stored cross-site scripting vulnerability in the OSM WordPress plugin, affecting OpenStreetMap versions up to 6.1.6. The EU/ENISA entry confirms the issue as Stored XSS and indicates Patch/Remediation status as Unpatched in public advisorie...

CVE-2025-31557 WordPress OSM plugin <= 6.1.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MiKa OSM osm allows DOM-Based XSS.This issue affects OSM: from n/a through = 6.1.13...

CVE-2024-52355

CVE-2024-52355 (OSM – OpenStreetMap, Hyumika OSM) has concrete details in connected sources: a Stored Cross-Site Scripting (XSS) in the OpenStreetMap WordPress plugin, caused by improper input neutralization during web page generation. Affected software is the OSM – OpenStreetMap plugin (Hyumika ...

WordPress OSM – OpenStreetMap Plugin <= 6.1.0 is vulnerable to Cross Site Scripting (XSS)

Software OSM – OpenStreetMap Type Plugin Vulnerable versions = 6.1.0 Fixed in 6.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8991 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 602fbf695703 Credits Peter Thaleikis...

WordPress OSM – OpenStreetMap Plugin < 6.0.6 is vulnerable to Cross Site Scripting (XSS)

Software OSM – OpenStreetMap Type Plugin Vulnerable versions 6.0.6 Fixed in 6.0.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4676 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ef5a2646cfcc Credits Lana Codes...