cleantalk
Vulnerabilities and Security Researches

OSM – OpenStreetMap, CVE-2024-8991

CVE, Research URL

CVE-2024-8991

Home page URL

Security reports for OSM – OpenStreetMap

Application

OSM – OpenStreetMap

Published on
Sep 27, 2024
Research Description
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 6.1.1.
Status
vulnerable
Previous vulnerability researches
Cosmic Blocks (40+) Content Editor Blocks Collection (CVE-2024-13674) , Feb 20, 2025
turboSMTP (CVE-2025-22753) , Jan 17, 2025
turboSMTP (CVE-2024-12323) , Dec 11, 2024
Events Manager – OpenStreetMaps (CVE-2025-58265) , Sep 27, 2025
소셜 공유 버튼 By 코스모스팜 (CVE-2024-53745) , Dec 03, 2024
New vulnerability
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-24373) , Mar 30, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-32385) , Mar 30, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-32498) , Mar 30, 2026
Gallery Block (Meow Gallery) (CVE-2026-32418) , Mar 30, 2026
Master Addons for Elementor (CVE-2026-32462) , Mar 30, 2026