cleantalk
Vulnerabilities and Security Researches

OS DataHub Maps, CVE-2026-1730

CVE, Research URL

CVE-2026-1730

Home page URL

Security reports for OS DataHub Maps

Application

OS DataHub Maps

Published on
Feb 03, 2026
Research Description
The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Admin::add_file_and_ext' function in all versions up to, and including, 1.8.3. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 1.8.4.
Status
vulnerable
Previous vulnerability researches
OS DataHub Maps (CVE-2026-1730) , Apr 15, 2026
New vulnerability
Robin image optimizer — save money on image compression (CVE-2026-1319) , Apr 15, 2026
Advanced Woo Labels – Product Labels for WooCommerce (CVE-2026-1929) , Apr 15, 2026
Newsletter – Send awesome emails from WordPress (CVE-2026-1051) , Apr 15, 2026
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2026-1277) , Apr 15, 2026
FlatPM – Ad Manager, AdSense and Custom Code (CVE-2026-0690) , Apr 15, 2026