OS DataHub Maps Security & Risk Analysis

wordpress.org/plugins/os-datahub-maps

A plugin to display UK Ordnance Survey maps with markers and tracks.

200 active installs · v1.8.4 · PHP 5.6.0+ · WP 4.5+ · Updated Feb 2, 2026
Tags: cycling, map, ordnance-survey, riding, walking
Score: 97 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Feb 2, 2026

Safety Verdict

Is OS DataHub Maps Safe to Use in 2026?

Generally Safe

Score 97/100

OS DataHub Maps has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 2, 2026 · Updated 2mo ago

Risk Assessment

The "os-datahub-maps" v1.8.4 plugin exhibits a generally positive security posture with several good practices observed. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and a high percentage of properly escaped output are strong indicators of secure coding. Furthermore, the plugin correctly utilizes capability checks for sensitive operations and avoids bundled libraries, reducing potential attack vectors from outdated dependencies. The number of entry points is low and, importantly, none are reported as unprotected, which suggests a robust approach to limiting unauthorized access.

However, there are areas that warrant attention. The static analysis reveals a lack of nonce checks. While the entry points are limited and protected by capability checks, nonce checks are a crucial secondary layer of defense against Cross-Site Request Forgery (CSRF) attacks, especially for actions initiated through shortcodes. The plugin's vulnerability history, though currently showing no unpatched CVEs, indicates a past high-severity vulnerability related to unrestricted file uploads. This pattern, coupled with the presence of file operations in the code, suggests a potential ongoing risk if not meticulously managed.

In conclusion, "os-datahub-maps" v1.8.4 demonstrates good development practices in key areas like SQL security and output sanitization. The primary weakness lies in the missing nonce checks, which could be exploited in specific scenarios. The past high-severity vulnerability, while patched, serves as a cautionary note regarding file handling and reiterates the importance of ongoing security vigilance.

Key Concerns

  • Missing nonce checks on entry points
  • Past high severity vulnerability (Unrestricted Upload)

Vulnerabilities: 1

OS DataHub Maps Security Vulnerabilities

CVEs by Year: 1 CVE in 2026

Severity Breakdown: High 1 (1 total CVE)

CVE-2026-1730 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

OS DataHub Maps <= 1.8.3 - Authenticated (Author+) Arbitrary File Upload

Feb 2, 2026 · Patched in 1.8.4 (1d)

Code Analysis
Analyzed Mar 16, 2026

OS DataHub Maps Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 9 (66 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 2
  • External Requests: 1
  • Bundled Libraries: 0

Output Escaping

88% escaped · 75 total outputs

Attack Surface

OS DataHub Maps Attack Surface

Entry Points: 4
Unprotected: 0

Shortcodes: 4

[osmap_test] include\osmap-shortcode.php:63
[osmap] include\osmap-shortcode.php:65
[osmap_marker] include\osmap-shortcode.php:67
[osmap_link] include\osmap-shortcode.php:68

WordPress Hooks: 9

action admin_notices include\osmap-admin.php:47
action admin_init include\osmap-admin.php:48
action admin_menu include\osmap-admin.php:49
filter upload_mimes include\osmap-admin.php:50
filter wp_check_filetype_and_ext include\osmap-admin.php:51
action init include\osmap-shortcode.php:42
action wp_enqueue_scripts include\osmap-shortcode.php:43
action wp_footer include\osmap-shortcode.php:44
action plugins_loaded include\osmap-shortcode.php:45

Maintenance & Trust

OS DataHub Maps Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 2, 2026
  • PHP min version: 5.6.0
  • Downloads: 9K

Community Trust

  • Rating: 100/100
  • Number of ratings: 16
  • Active installs: 200

Developer Profile

OS DataHub Maps Developer Profile

skirridsystems

1 plugin · 200 total installs

  • Trust score: 98
  • Avg Security Score: 97/100
  • Avg Patch Time: 1 day

Detection Fingerprints

How We Detect OS DataHub Maps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/os-datahub-maps/js/osmap-shortcode.js
  • /wp-content/plugins/os-datahub-maps/css/osmap.css
  • /wp-content/plugins/os-datahub-maps/js/osmap-admin.js
  • /wp-content/plugins/os-datahub-maps/js/osmap.js
  • /wp-content/plugins/os-datahub-maps/css/osmap-admin.css
  • /wp-content/plugins/os-datahub-maps/js/osmap-api.js

Script Paths

  • https://cdn.skirridsystems.co.uk/jquery/1.12.4/jquery.min.js
  • https://cdn.skirridsystems.co.uk/leaflet/1.7.1/leaflet.js
  • https://cdn.skirridsystems.co.uk/os-datahub-maps/1.8.4/os-datahub-maps.js

Version Parameters

  • os-datahub-maps/style.css?ver=
  • osmap-shortcode.js?ver=
  • osmap.css?ver=
  • osmap.js?ver=
  • osmap-admin.css?ver=
  • osmap-api.js?ver=
  • osmap-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • osmap-canvas

HTML Comments (+1 more)

  • <!-- OS DataHub Maps Settings -->
  • <!-- OS DataHub Maps Admin Settings -->
  • <!-- Settings page for OS DataHub Maps plugin -->
  • <!-- OS DataHub Maps -->

Data Attributes (+20 more)

  • data-apikey
  • data-default_zoom
  • data-default_height
  • data-default_width
  • data-default_profile
  • data-default_color

JS Globals

  • OS_DataHub_Maps

Shortcode Output

  • [os-map]
  • [os-datahub-map]