Vulnerabilities > Hyumika
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-11 | CVE-2024-52355 | Cross-site Scripting vulnerability in Hyumika Openstreetmap Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hyumika OSM – OpenStreetMap allows Stored XSS.This issue affects OSM – OpenStreetMap: from n/a through 6.1.2. | 5.4 |
| 2024-09-27 | CVE-2024-8991 | Cross-site Scripting vulnerability in Hyumika Openstreetmap The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-07-09 | CVE-2024-3603 | Cross-site Scripting vulnerability in Hyumika Openstreetmap The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. | 5.4 |
| 2024-07-09 | CVE-2024-3604 | SQL Injection vulnerability in Hyumika Openstreetmap The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
| 2023-01-17 | CVE-2022-30544 | Cross-Site Request Forgery (CSRF) vulnerability in Hyumika Openstreetmap Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin <= 6.0.1 versions. | 8.8 |