[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqcywa9iHOjXG-U35Gb2mtlvue0GNc9KuFoOI_-LhWp4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":54,"analysis":155,"fingerprints":276},"wp-open-street-map","WP Open Street Map","1.35","manu225","https:\u002F\u002Fprofiles.wordpress.org\u002Fmanu225\u002F","\u003Cp>Create easily maps with OpenStreetMap. \u003Ca href=\"https:\u002F\u002Fwww.info-d-74.com\u002Fen\u002Fwp-openstreetmap-demos-2\u002F\" rel=\"nofollow ugc\">Here some examples\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>A Pro version with more options is available: \u003Ca href=\"https:\u002F\u002Fwww.info-d-74.com\u002Fen\u002Fproduit\u002Fwp-openstreetmap-pro-plugin-wordpress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.info-d-74.com\u002Fen\u002Fproduit\u002Fwp-openstreetmap-pro-plugin-wordpress\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Create easily maps with OpenStreetMap",3000,40554,76,9,"2026-03-11T12:55:00.000Z","6.9.4","3.5","",[20,21,22,23,24],"map","open-street-map","openstreet","openstreetmap","osm","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-open-street-map.1.35.zip",100,1,0,"2023-10-12 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2023-45645","wp-open-street-map-cross-site-request-forgery-via-wpopenstreetmaps","WP Open Street Map \u003C= 1.25 - Cross-Site Request Forgery via wp_openstreetmaps","The WP Open Street Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.25. This is due to missing or incorrect nonce validation on the wp_openstreetmaps function. This makes it possible for unauthenticated attackers to edit or delete maps via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.25","1.30","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1aa0fd9d-6c9f-4110-92a0-064fa4b9b589?source=api-prod",103,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":26,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},17,26850,29,94,"2026-04-04T13:57:55.059Z",[55,77,99,120,137],{"slug":24,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":16,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":73,"download_link":74,"security_score":64,"vuln_count":75,"unpatched_count":28,"last_vuln_date":76,"fetched_at":30},"OSM – OpenStreetMap","6.1.15","MiKa","https:\u002F\u002Fprofiles.wordpress.org\u002Fphotoweblog\u002F","\u003Cp>Add a map with marker in less than 100 sec:\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FGDoiXO1SfJ0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>If you want to get detailed information about the OSM-plugin visit these pages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Homepage: \u003Ca href=\"https:\u002F\u002Fwp-osm-plugin.hyumika.com\u002F\" title=\"OSM-plugin\" rel=\"nofollow ugc\">WP-OSM-Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Forum: \u003Ca href=\"https:\u002F\u002Fwp-osm-plugin.hyumika.com\u002Fsurvey\u002F\" title=\"OSM-plugin feedback \u002F feature request EN|DE\" rel=\"nofollow ugc\">EN|DE\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Twitter: \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fwp_osm_plugin\" title=\"@WP_OSM_Plugin\" rel=\"nofollow ugc\">@WP_OSM_Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Features of the WP-OSM-plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>OpenStreetMap, HOT, OpenSeaMap, OpenTopoMap, BaseMap (AT), Stamen in posts\u002Fpages\u003C\u002Fli>\n\u003Cli>Integration in post \u002F page \u002F widget\u003C\u002Fli>\n\u003Cli>HTML Popup Marker\u003C\u002Fli>\n\u003Cli>GPX and KML (incl. upload in Mediathek)\u003C\u002Fli>\n\u003Cli>Map with geo-tagged posts\u002Fpages as linked marker\u003C\u002Fli>\n\u003Cli>Map with autogenerated track by geo-tagged posts \u002F pages\u003C\u002Fli>\n\u003Cli>html-meta tags for geo-tagged posts\u002Fpages\u003C\u002Fli>\n\u003Cli>uses OpenLayers Library\u003C\u002Fli>\n\u003Cli>SSL connection (https)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Languages – thanks to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Deutsch\u003C\u002Fli>\n\u003Cli>Japanese [by Sykane]\u003C\u002Fli>\n\u003Cli>French [by Tounoki and Marc]\u003C\u002Fli>\n\u003Cli>Russian [by Вячеслав Стренадко\u002FVyacheslav Strenadko]\u003C\u002Fli>\n\u003Cli>Italian [by Andrea Giacomelli]\u003C\u002Fli>\n\u003Cli>Spanish [by Colegota]\u003C\u002Fli>\n\u003Cli>Romanian [by Sorin Pop]\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Swedish [by Olle Zettergren]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fopenlayers.org\" rel=\"nofollow ugc\">OpenLayers\u003C\u002Fa>: Open Source JavaScript, released under the 2-clause BSD\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>!! IMPORTANT !!\u003Cbr \u002F>\nThe WordPress Plugin Review Team required us to provide opt-in feature to display attribution since it is part of \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fwordpress-org\u002Fdetailed-plugin-guidelines\u002F#10-plugins-may-not-embed-external-links-or-credits-on-the-public-site-without-explicitly-asking-the-user%e2%80%99s-permission\" rel=\"nofollow ugc\">WordPress Plugin Guidelines\u003C\u002Fa>. So you have to enable the checkbox “Display attribution (credit) in the map.” at the WP OSM Plugin Shortcode generater or add the attribution manually to your map. Otherwise it may violate the map or data license, eg \u003Ca href=\"https:\u002F\u002Fwww.openstreetmap.org\u002Fcopyright\" rel=\"nofollow ugc\">OpenStreetMap\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin enables GPX and KML upload!\u003C\u002Fp>\n\u003Cp>Licenses of the maps:\u003Cbr \u002F>\n* OpenStreetMap: \u003Ca href=\"https:\u002F\u002Fwww.openstreetmap.org\u002Fcopyright\" rel=\"nofollow ugc\">OpenStreetMap License\u003C\u002Fa>\u003Cbr \u002F>\n* OpenTopoMap: \u003Ca href=\"https:\u002F\u002Fopentopomap.org\u002Fabout\" rel=\"nofollow ugc\">OpenTopoMap License\u003C\u002Fa>\u003Cbr \u002F>\n* Stamen Maps: \u003Ca href=\"http:\u002F\u002Fmaps.stamen.com\" rel=\"nofollow ugc\">Stamen License\u003C\u002Fa>\u003Cbr \u002F>\n* BaseMap:  \u003Ca href=\"http:\u002F\u002Fbasemap.at\" rel=\"nofollow ugc\">BaseMap License\u003C\u002Fa>\u003Cbr \u002F>\n* Thunderforest (API key): \u003Ca href=\"http:\u002F\u002Fwww.thunderforest.com\u002Fterms\u002F\" rel=\"nofollow ugc\">Thunderforest License\u003C\u002Fa>\u003Cbr \u002F>\n* Others: Depends on the map you are including – check it before including it!\u003C\u002Fp>\n","Customize maps in your post, pages and widgets. GPX, KML and more. The easy way to map!",10000,645442,92,135,"2026-03-01T08:27:00.000Z","3.0","5.3",[70,71,72,23,24],"gpx","kml","openseamap","https:\u002F\u002Fwp-osm-plugin.hyumika.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fosm.6.1.15.zip",7,"2025-03-31 00:00:00",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":26,"downloaded":85,"rating":26,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":94,"download_link":95,"security_score":96,"vuln_count":97,"unpatched_count":28,"last_vuln_date":98,"fetched_at":30},"shmapper-by-teplitsa","ShMapper by Teplitsa","1.5.1","Denis Cherniatev","https:\u002F\u002Fprofiles.wordpress.org\u002Fdenischerniatev\u002F","\u003Cp>The shMapper plugin allows you to create simple crowdsourcing maps on OpenStreetMap with an option of feedback messages form. This plugin gives you an alternative to current online map services such as Yandex.Maps, Google Maps etc which don’t provide the option for users to add new objects.\u003C\u002Fp>\n\u003Cp>Most of the code written by Gennadiy Glazunov aka \u003Ca href=\"http:\u002F\u002Fgenagl.ru\" rel=\"nofollow ugc\">Genagl\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Core features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Configure and display maps with markers on pages.\u003C\u002Fli>\n\u003Cli>Display maps using shortcodes.\u003C\u002Fli>\n\u003Cli>Receive new map markers via feedback form.\u003C\u002Fli>\n\u003Cli>Pre or post-moderation of new markers.\u003C\u002Fli>\n\u003Cli>reCaptcha form protection.\u003C\u002Fli>\n\u003Cli>Custom markers icons.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PHP at least 5.6 is required for plugin to work correctly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Help the project\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>We will be very grateful if you will help us to make ShMapper better.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You can add a bugreport or a feature request on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTeplitsa\u002Fshmapper\u002Fissues\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Send us your pull request to share a code impovement.\u003C\u002Fli>\n\u003Cli>You can make a new plugin translation for your language or send us a fixes for an existing translation, if needed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have a questions for the plugin work in any aspect, please address our support service on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTeplitsa\u002Fshmapper\u002Fissues\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","shMapper is a plugin, that allows you to create simple crowdsourcing maps based on OpenStreetMap and Yandex.Maps.",7394,5,"2025-01-14T10:19:00.000Z","6.7.5","5.0","7.4",[92,20,23,24,93],"crowdsourcing","yandex-map","http:\u002F\u002Fgenagl.ru\u002F?p=652","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshmapper-by-teplitsa.zip",91,2,"2025-01-24 00:00:00",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":26,"num_ratings":27,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":112,"tags":113,"homepage":116,"download_link":117,"security_score":118,"vuln_count":27,"unpatched_count":27,"last_vuln_date":119,"fetched_at":30},"cpt-to-map-store","Custom Post Type to Map Store","1.1.0","lriaudel","https:\u002F\u002Fprofiles.wordpress.org\u002Flriaudel\u002F","\u003Cp>The plugin allows to :\u003C\u002Fp>\n\u003Col>\n\u003Cli>Generate a \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FGeoJSON\" rel=\"nofollow ugc\">GEOJson\u003C\u002Fa> feed from coordinates recorded in the sample posts.\u003C\u002Fli>\n\u003Cli>Display this feed on a map with a shortcode.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Mapping from a \u003Cstrong>Post Type\u003C\u002Fstrong> to generate a GeoJson feed of all posts.\u003C\u002Fli>\n\u003Cli>Exposure this \u003Cstrong>Geojson feeds\u003C\u002Fstrong> on the WordPress Rest-API\u003C\u002Fli>\n\u003Cli>Possibility to make a \u003Cstrong>template\u003C\u002Fstrong> for the map markers popup\u003C\u002Fli>\n\u003Cli>Coordinate reading compatibility for :\n\u003Cul>\n\u003Cli>a text field\u003C\u002Fli>\n\u003Cli>an ACF Google Map field\u003C\u002Fli>\n\u003Cli>an ACF field for the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Facf-openstreetmap-field\u002F\" rel=\"ugc\">ACF OpenStreetMap Fields\u003C\u002Fa> extension \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Displaying a map by \u003Cstrong>shortcode of all points\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Open Street Map put in \u003Cstrong>cache\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Hook\u003C\u002Fh3>\n\u003Ch4>The marker content\u003C\u002Fh4>\n\u003Cp>You can customize more finely the marker popup content.\u003C\u002Fp>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\nfunction bindPopup_content_filter( $bindPopup_content, $post_id ) {\n    return \"Yeahhhhh\";\n}\n\nadd_filter( 'cpt_to_map_store_bindPopup_content', 'bindPopup_content_filter', 10, 2 );\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Cache\u003C\u002Fh3>\n\u003Cp>This plugin works with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fosm-tiles-proxy\u002F\" rel=\"ugc\">Tiles Proxy for OpenStreetMap\u003C\u002Fa> for put in cache the map tiles.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English – default, always included\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important Information !\u003C\u002Fh3>\n\u003Cp>Have fun\u003C\u002Fp>\n","An another Store Locator on WordPress but with OpenStreetMap & Leaflet and Meta Fields",40,1885,"2020-06-19T08:50:00.000Z","5.4.19","4.0","7.0",[114,20,21,23,115],"geojson","store-locator","https:\u002F\u002Fgithub.com\u002Flriaudel\u002Fcpt-to-map-store","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcpt-to-map-store.1.1.0.zip",64,"2024-11-28 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":28,"num_ratings":28,"last_updated":130,"tested_up_to":131,"requires_at_least":18,"requires_php":18,"tags":132,"homepage":134,"download_link":135,"security_score":136,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"acf-openstreetmap-field-block","ACF OpenStreetMap Field into a Block","1.0","julianoe","https:\u002F\u002Fprofiles.wordpress.org\u002Fjulianoe\u002F","\u003Cp>Very simple plugin to add Acf Block support for the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Facf-openstreetmap-field\u002F\" rel=\"ugc\">ACF OpenStreetMap Field\u003C\u002Fa> from Jörn Lund.\u003Cbr \u002F>\nThis plugin obviously will only work if you install Advanced Custom Field and ACF OpenStreetMap Field.\u003C\u002Fp>\n\u003Cp>The plugin will create an ACF group field with one OpenStreetMap field configured with default parameters.\u003Cbr \u002F>\nYou can always override this ACF Group field by creating your own group field titled “ACF OSM BLOCK” and defining its location to be the “ACF OpenStreetMap Block”.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Plugin working with \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fpodpirate\u002F\" rel=\"nofollow ugc\">podpirate\u003C\u002Fa> aka Jörn Lund’s plugin\u003Cbr \u002F>\nPhoto by \u003Ca href=\"https:\u002F\u002Fwww.pexels.com\u002F@oidonnyboy\" rel=\"nofollow ugc\">Nick Wehrli\u003C\u002Fa> from pexels.\u003Cbr \u002F>\nIcon “location” by the WordPress Dashicons.\u003C\u002Fp>\n","Very simple plugin that adds an OpenStreetMap ACF block to the WordPress block editor.",10,1201,"2021-05-07T22:59:00.000Z","5.7.15",[133,23,24],"acf","https:\u002F\u002Fframagit.org\u002Fjulianoe\u002Facf-openstreetmap-field-block","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-openstreetmap-field-block.zip",85,{"slug":138,"name":139,"version":140,"author":141,"author_profile":142,"description":143,"short_description":144,"active_installs":128,"downloaded":145,"rating":146,"num_ratings":97,"last_updated":147,"tested_up_to":148,"requires_at_least":149,"requires_php":18,"tags":150,"homepage":153,"download_link":154,"security_score":136,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"mapbb","MapBBCode for WordPress","0.1","Alexander Sapozhnikov","https:\u002F\u002Fprofiles.wordpress.org\u002Fshoorick\u002F","\u003Cp>This plugin allows to use shortcode \u003Ccode>[map]\u003C\u002Fcode>\u003Cbr \u002F>\n(\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMapBBCode\u002Fmapbbcode\u002Fblob\u002Fmaster\u002FBBCODE.md\" rel=\"nofollow ugc\">syntax\u003C\u002Fa>)\u003Cbr \u002F>\nwhich transforms to Leaflet based map.\u003C\u002Fp>\n\u003Cp>For more information, check out \u003Ca href=\"http:\u002F\u002Fmapbbcode.org\u002F\" rel=\"nofollow ugc\">MapBBCode.org\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Add shortcode into you pages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[map][\u002Fmap]\u003C\u002Fcode> for default map\u003C\u002Fli>\n\u003Cli>\u003Ccode>[map=Zoom,Latitude,Longitude][\u002Fmap]\u003C\u002Fcode> for map centered at (Latitude, Longitude)\u003C\u002Fli>\n\u003Cli>\u003Ccode>[map]Latitude,Longitude(Text)[\u002Fmap]\u003C\u002Fcode> for map with balloon\u003C\u002Fli>\n\u003Cli>\u003Ccode>[map]Lat1,Lon1; Lat2,Lon2[\u002Fmap]\u003C\u002Fcode> for map with multiple markers\u003C\u002Fli>\n\u003Cli>\u003Ccode>[map]Lat1,Lon1 Lat2,Lon2 Lat3,Lon3(color|Text)[\u002Fmap]\u003C\u002Fcode> for map with polyline or polygon\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See \u003Ca href=\"http:\u002F\u002Fshoorick.ru\u002Fsoftware\u002Fmapbb-wordpress\u002F\" rel=\"nofollow ugc\">examples\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Caveats\u003C\u002Fh3>\n\u003Cp>Width of all maps are 604 pixels, it is good for Twenty Thirteen theme but\u003Cbr \u002F>\nstill not tested with other themes and may appear ugly.\u003C\u002Fp>\n","MapBB-shortcodes [map] for Leaflet based maps.",1688,80,"2013-11-06T10:43:00.000Z","3.7.41","3.0.1",[20,151,23,24,152],"maps","shortcode","http:\u002F\u002Fshoorick.ru\u002Fsoftware\u002Fmapbb-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmapbb.0.1.zip",{"attackSurface":156,"codeSignals":184,"taintFlows":205,"riskAssessment":270,"analyzedAt":275},{"hooks":157,"ajaxHandlers":176,"restRoutes":177,"shortcodes":178,"cronEvents":183,"entryPointCount":27,"unprotectedCount":28},[158,164,168,172],{"type":159,"name":160,"callback":161,"file":162,"line":163},"action","admin_menu","register_wp_openstreetmap_menu","wp_openstreetmap.php",136,{"type":159,"name":165,"callback":166,"file":162,"line":167},"admin_print_styles","wp_openstreetmap_css",148,{"type":159,"name":169,"callback":170,"file":162,"line":171},"admin_enqueue_scripts","load_script_wp_openstreetmap",160,{"type":159,"name":173,"callback":174,"file":162,"line":175},"plugins_loaded","wp_openstreetmap_textdomain",568,[],[],[179],{"tag":180,"callback":181,"file":162,"line":182},"wp-osm","display_wp_openstreetmap",470,[],{"dangerousFunctions":185,"sqlUsage":186,"outputEscaping":197,"fileOperations":28,"externalRequests":28,"nonceChecks":188,"capabilityChecks":27,"bundledLibraries":204},[],{"prepared":187,"raw":188,"locations":189},24,3,[190,193,195],{"file":162,"line":191,"context":192},240,"$wpdb->get_results() with variable interpolation",{"file":162,"line":194,"context":192},418,{"file":162,"line":196,"context":192},446,{"escaped":198,"rawEcho":27,"locations":199},86,[200],{"file":201,"line":202,"context":203},"views\\manage.php",179,"raw output",[],[206,253],{"entryPoint":207,"graph":208,"unsanitizedCount":28,"severity":252},"wp_openstreetmaps (wp_openstreetmap.php:170)",{"nodes":209,"edges":246},[210,215,221,225,230,234,237,241],{"id":211,"type":212,"label":213,"file":162,"line":214},"n0","source","$_POST",220,{"id":216,"type":217,"label":218,"file":162,"line":219,"wp_function":220},"n1","sink","query() [SQLi]",224,"query",{"id":222,"type":212,"label":223,"file":162,"line":224},"n2","$_GET (x2)",260,{"id":226,"type":217,"label":227,"file":162,"line":228,"wp_function":229},"n3","get_row() [SQLi]",262,"get_row",{"id":231,"type":212,"label":232,"file":162,"line":233},"n4","$_GET (x4)",320,{"id":235,"type":217,"label":218,"file":162,"line":236,"wp_function":220},"n5",322,{"id":238,"type":212,"label":239,"file":162,"line":240},"n6","$_GET",348,{"id":242,"type":217,"label":243,"file":162,"line":244,"wp_function":245},"n7","get_results() [SQLi]",350,"get_results",[247,249,250,251],{"from":211,"to":216,"sanitized":248},true,{"from":222,"to":226,"sanitized":248},{"from":231,"to":235,"sanitized":248},{"from":238,"to":242,"sanitized":248},"low",{"entryPoint":254,"graph":255,"unsanitizedCount":28,"severity":252},"\u003Cwp_openstreetmap> (wp_openstreetmap.php:0)",{"nodes":256,"edges":265},[257,258,259,260,261,262,263,264],{"id":211,"type":212,"label":213,"file":162,"line":214},{"id":216,"type":217,"label":218,"file":162,"line":219,"wp_function":220},{"id":222,"type":212,"label":232,"file":162,"line":224},{"id":226,"type":217,"label":227,"file":162,"line":228,"wp_function":229},{"id":231,"type":212,"label":232,"file":162,"line":233},{"id":235,"type":217,"label":218,"file":162,"line":236,"wp_function":220},{"id":238,"type":212,"label":223,"file":162,"line":240},{"id":242,"type":217,"label":243,"file":162,"line":244,"wp_function":245},[266,267,268,269],{"from":211,"to":216,"sanitized":248},{"from":222,"to":226,"sanitized":248},{"from":231,"to":235,"sanitized":248},{"from":238,"to":242,"sanitized":248},{"summary":271,"deductions":272},"The 'wp-open-street-map' plugin v1.35 exhibits a generally strong security posture with excellent adherence to secure coding practices. The static analysis reveals a minimal attack surface, with only one shortcode as an entry point and no unprotected handlers or routes. The code demonstrates responsible handling of SQL queries, with a high percentage using prepared statements, and an impressive 99% of output being properly escaped, significantly mitigating common web vulnerabilities like Cross-Site Scripting (XSS). The plugin also incorporates a respectable number of nonce and capability checks, further bolstering its defenses. The absence of file operations and external HTTP requests also reduces potential attack vectors.\n\nDespite these strengths, there is a past vulnerability history, including one medium-severity CVE, which was reported in October 2023. While the plugin currently has no unpatched CVEs, this history indicates a pattern of past security weaknesses, specifically related to Cross-Site Request Forgery (CSRF). Although the current analysis shows no critical or high-severity taint flows and no unsanitized paths, the past CSRF vulnerability, if it was not addressed through input validation or nonce checks on its entry points, could still represent a latent risk if not fully remediated or if similar vulnerabilities arise in the future.\n\nIn conclusion, 'wp-open-street-map' v1.35 is a well-developed plugin from a security perspective, demonstrating a commitment to secure coding. Its robust output escaping, prepared SQL statements, and limited attack surface are significant strengths. However, the presence of a past medium-severity CSRF vulnerability, even if patched, warrants a degree of caution and ongoing vigilance. Future development should continue to prioritize input validation and secure handling of all user-submitted data, especially in the context of its single shortcode entry point.",[273],{"reason":274,"points":128},"Past medium severity CVE (CSRF)","2026-03-16T18:25:52.546Z",{"wat":277,"direct":283},{"assetPaths":278,"generatorPatterns":280,"scriptPaths":281,"versionParams":282},[279],"\u002Fwp-content\u002Fplugins\u002Fwp-open-street-map\u002Fcss\u002Fadmin.css",[],[],[],{"cssClasses":284,"htmlComments":285,"htmlAttributes":286,"restEndpoints":288,"jsGlobals":289,"shortcodeOutput":290},[],[],[287],"data-wp-osm-map-id",[],[],[291],"[wp-osm id="]