
Tiles Proxy for OpenStreetMap Security & Risk Analysis
wordpress.org/plugins/osm-tiles-proxyA basic proxy that lets OpenStreetMap plugins load map tiles from your own server instead of OpenStreetMap servers.
Is Tiles Proxy for OpenStreetMap Safe to Use in 2026?
Generally Safe
Score 100/100Tiles Proxy for OpenStreetMap has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "osm-tiles-proxy" plugin v2.3.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices in avoiding dangerous functions, utilizing prepared statements for all SQL queries, and having no recorded vulnerability history. The absence of taint analysis issues and only one external HTTP request are also favorable. However, significant concerns arise from its attack surface. With one unprotected REST API route and zero capability checks, this presents a clear entry point for unauthorized actions. Furthermore, the low percentage of properly escaped output suggests potential for cross-site scripting vulnerabilities, especially when dealing with data that might be reflected in user interfaces.
Key Concerns
- Unprotected REST API route
- Zero capability checks
- Low output escaping percentage
Tiles Proxy for OpenStreetMap Security Vulnerabilities
Tiles Proxy for OpenStreetMap Release Timeline
Tiles Proxy for OpenStreetMap Code Analysis
Output Escaping
Tiles Proxy for OpenStreetMap Attack Surface
REST API Routes 1
WordPress Hooks 18
Maintenance & Trust
Tiles Proxy for OpenStreetMap Maintenance & Trust
Maintenance Signals
Community Trust
Tiles Proxy for OpenStreetMap Alternatives
Embed Google Fonts
embed-google-fonts
Embed Google Fonts tries to automatically replace registered Google Fonts from themes and plugin with local versions, directly loaded from your own se …
oEmbed Manager
oembed-manager
Manage oEmbed capabilities of your website and take a new step in the GDPR compliance of your embedded content.
Embed Consent
embed-consent
Replaces embed blocks with a confirmation to ask for consent before loading third-party resources.
Lazy Load for YouTube – GDPR Friendly YouTube Embed Block by DBlocks
dblocks-youtube-lazyload
GDPR friendly lazy load YouTube block. Only loads the video player when visitors click play. Boost page speed.
drakkar.one map
drakkar-one-map
A privacy-friendly map widget. No Google, no API keys, no cookies. GDPR-compliant out of the box.
Tiles Proxy for OpenStreetMap Developer Profile
3 plugins · 6K total installs
How We Detect Tiles Proxy for OpenStreetMap
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/osm-tiles-proxy/assets/customizer-preview.js/wp-content/plugins/osm-tiles-proxy/assets/customizer-preview.jsHTML / DOM Fingerprints
data-customize-setting-link="osm_tiles_proxy_min_zoom"data-customize-setting-link="osm_tiles_proxy_max_zoom"data-customize-setting-link="osm_tiles_proxy_min_x"data-customize-setting-link="osm_tiles_proxy_max_x"data-customize-setting-link="osm_tiles_proxy_min_y"data-customize-setting-link="osm_tiles_proxy_max_y"wp_leaflet_map/wp-json/osm-tiles-proxy/v1/tile