| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4429 | OSM <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute | photoweblog | OSM – OpenStreetMap | Medium | 6.4 | 2026-04-09 02:25:06 | Deep Dive |
| CVE-2026-25323 | WordPress OSM plugin <= 6.1.12 - Broken Access Control vulnerability | MiKa | OSM | - | - | 2026-02-19 08:26:56 | Deep Dive |
| CVE-2025-8619 | OSM Map Widget for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL | garbowza | OSM Map Widget for Elementor | Medium | 6.4 | 2025-08-29 04:25:29 | Deep Dive |
| CVE-2025-27081 | HPE NonStop OSM Service Connection Suite, Denial of Service vulnerability | Hewlett Packard Enterprise | HPE NonStop OSM Service Connection Suite | Medium | 6.8 | 2025-04-10 08:43:48 | Deep Dive |
| CVE-2025-31557 | WordPress OSM plugin <= 6.1.13 - Cross Site Scripting (XSS) vulnerability | MiKa | OSM | Medium | 6.5 | 2025-03-31 12:55:17 | Deep Dive |
| CVE-2024-52355 | WordPress OSM – OpenStreetMap plugin <= 6.1.2 - Cross Site Scripting (XSS) vulnerability | MiKa | OSM | Medium | 6.5 | 2024-11-11 06:12:05 | Deep Dive |
| CVE-2024-8991 | OSM <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes | photoweblog | OSM – OpenStreetMap | Medium | 6.4 | 2024-09-27 06:53:59 | Deep Dive |
| CVE-2024-3604 | OSM – OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) SQL Injection | photoweblog | OSM – OpenStreetMap | Critical | 9.9 | 2024-07-09 08:33:12 | Deep Dive |
| CVE-2024-3603 | OSM – OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | photoweblog | OSM – OpenStreetMap | Medium | 6.4 | 2024-07-09 08:33:07 | Deep Dive |
| CVE-2024-4663 | OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | garbowza | OSM Map Widget for Elementor | Medium | 6.4 | 2024-06-19 03:12:29 | Deep Dive |
| CVE-2022-4676 | OSM – OpenStreetMap <= 6.01 - Contributor+ Stored XSS via Shortcode | Unknown | OSM | 中危 | - | 2023-05-30 07:49:16 | Deep Dive |
| CVE-2022-30544 | WordPress OSM – OpenStreetMap Plugin <= 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF) | MiKa | OSM – OpenStreetMap | Medium | 4.3 | 2023-01-17 04:23:59 | Deep Dive |
| CVE-2018-25064 | OSM Lab show-me-the-way site.js cross site scripting | OSM Lab | show-me-the-way | Low | 3.5 | 2023-01-05 08:06:32 | Deep Dive |
| CVE-2020-7749 | Server-side Request Forgery (SSRF) | - | osm-static-maps | High | 7.6 | 2020-10-20 10:25:27 | Deep Dive |