cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8991,https://securityvulnerability.io/vulnerability/CVE-2024-8991,Stored Cross-Site Scripting Vulnerability Affects OpenStreetMap Plugin for WordPress,"The OpenStreetMap plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability. This flaw arises from inadequate input sanitization and output escaping on user-supplied attributes in the plugin's osm_map and osm_map_v3 shortcodes. As a result, authenticated attackers with contributor-level access or higher can inject arbitrary scripts into web pages. The malicious scripts execute whenever a user visits the compromised page, leading to potential security compromises and data breaches. It is essential for users of affected versions to apply necessary updates and implement security measures to mitigate this risk.",Wordpress,Osm – Openstreetmap,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2024-09-27T06:53:58.679Z,0
CVE-2024-3604,https://securityvulnerability.io/vulnerability/CVE-2024-3604,SQL Injection Vulnerability in OSM – OpenStreetMap Plugin,"The OpenStreetMap plugin for WordPress is susceptible to SQL Injection due to inadequate input escaping on the 'tagged_filter' attribute of the 'osm_map_v3' shortcode. This vulnerability affects all versions up to and including 6.0.2. Authenticated users with contributor-level access and above can exploit this flaw by appending additional SQL queries to existing queries, enabling them to extract sensitive data from the database. Proper sanitization and parameterized queries should be implemented to mitigate this issue.",Wordpress,Osm – Openstreetmap,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2024-07-09T08:33:11.994Z,0
CVE-2024-3603,https://securityvulnerability.io/vulnerability/CVE-2024-3603,Vulnerability in OSM Plugin for WordPress Allows Arbitrary Script Injection,"The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Osm – Openstreetmap,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-09T08:33:07.241Z,0