Osm Openstreetmap

1 CVEs product


CVE-2026-4429 MEDIUM This Month

Stored Cross-Site Scripting in OSM - OpenStreetMap WordPress plugin versions up to 6.1.15 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript through insufficiently sanitized 'marker_name' and 'file_color_list' shortcode attributes in [osm_map_v3], executing malicious scripts whenever users access affected pages. CVSS 6.4 reflects moderate severity with cross-site impact; exploitation requires valid WordPress user credentials but no user interaction beyond page access.

Tags: WordPress, PHP, XSS, Osm Openstreetmap
Source: NVD
CVSS 3.1: 6.4
EPSS: 0.1%
