cleantalk
Vulnerabilities and Security Researches

OSM – OpenStreetMap, CVE-2022-4676

CVE, Research URL

CVE-2022-4676

Home page URL

Security reports for OSM – OpenStreetMap

Application

OSM – OpenStreetMap

Published on
May 30, 2023
Research Description
The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Affected versions
max 6.0.6.
Status
vulnerable
Previous vulnerability researches
Cosmic Blocks (40+) Content Editor Blocks Collection (CVE-2024-13674) , Feb 20, 2025
turboSMTP (CVE-2025-22753) , Jan 17, 2025
turboSMTP (CVE-2024-12323) , Dec 11, 2024
Events Manager – OpenStreetMaps (CVE-2025-58265) , Sep 27, 2025
소셜 공유 버튼 By 코스모스팜 (CVE-2024-53745) , Dec 03, 2024
New vulnerability
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-24373) , Mar 30, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-32385) , Mar 30, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-32498) , Mar 30, 2026
Gallery Block (Meow Gallery) (CVE-2026-32418) , Mar 30, 2026
Master Addons for Elementor (CVE-2026-32462) , Mar 30, 2026