cleantalk
Vulnerabilities and Security Researches

OSM – OpenStreetMap, CVE-2024-3604

CVE, Research URL

CVE-2024-3604

Home page URL

Security reports for OSM – OpenStreetMap

Application

OSM – OpenStreetMap

Published on
Jul 09, 2024
Research Description
The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 6.0.4.
Status
vulnerable
Previous vulnerability researches
Cosmic Blocks (40+) Content Editor Blocks Collection (CVE-2024-13674) , Feb 20, 2025
turboSMTP (CVE-2025-22753) , Jan 17, 2025
turboSMTP (CVE-2024-12323) , Dec 11, 2024
Events Manager – OpenStreetMaps (CVE-2025-58265) , Sep 27, 2025
소셜 공유 버튼 By 코스모스팜 (CVE-2024-53745) , Dec 03, 2024
New vulnerability
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-24373) , Mar 30, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-32385) , Mar 30, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-32498) , Mar 30, 2026
Gallery Block (Meow Gallery) (CVE-2026-32418) , Mar 30, 2026
Master Addons for Elementor (CVE-2026-32462) , Mar 30, 2026