WP Beacon

OSM – OpenStreetMap

osm · by photoweblog · wordpress.org ↗ · SVN ↗
Active installs
10k+
Current version
6.2.5
Added
2009-04-08
Last updated
2026-04-22 (9d ago)
First seen by beacon
11d ago
Total downloads
685,536

Alerts (0)

No open alerts.

Show 1 resolved alert
Critical code_pattern Resolved · benign:academic_tile_server 2026-04-28 09:24:15 (4d ago)
Slugosm
Patternhardcoded_ip_url
Kindbuiltin
Version6.2.5
Hit count2
First hit
File
osm_map/osm-oljs2.php
Line
269
Snippet
$Layer .= 'var layerOSMHillshadeMap = new OpenLayers.Layer.TMS("OSMHillshadeMap", " http://129.206.74.245:8004/tms_hs.ashx?x={x}&y={y}&z={z} ",{ numZoomLevels: 18, type: "png", getURL: getTi
Explanationplugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) — legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.
View raw JSON
{
    "slug": "osm",
    "pattern": "hardcoded_ip_url",
    "kind": "builtin",
    "version": "6.2.5",
    "hit_count": 2,
    "first_hit": {
        "file": "osm_map/osm-oljs2.php",
        "line": 269,
        "snippet": "$Layer .= 'var layerOSMHillshadeMap   = new OpenLayers.Layer.TMS(\"OSMHillshadeMap\", \" http://129.206.74.245:8004/tms_hs.ashx?x={x}&y={y}&z={z} \",{ numZoomLevels: 18, type: \"png\", getURL: getTi"
    },
    "explanation": "plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) \u2014 legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths."
}

SVN committers (2)

Accounts with actual commit access to osm on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
MiKa Young account 2009-04-02 294 2009-04-08 · r108901 2026-04-22 · r3513261
plugin-master 2007-03-09 1 2009-04-06 · r108021 2009-04-06 · r108021

Readme contributors (2)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
MiKa 2009-04-02 294 commits Active
Mika 2005-01-23 Active

Versions (19 most recent)

Version Released Download
6.2.5 2026-04-22 · 9d ago
6.2.3 2026-04-22 · 10d ago
6.2.1 2026-04-18 · 14d ago zip
6.2.0 2026-04-18 · 14d ago zip
6.1.17 2026-04-11 · 21d ago zip
6.1.16 2026-03-29 · 1mo ago zip
6.1.15 2026-03-01 · 2mo ago zip
6.1.14 2026-02-01 · 3mo ago zip
6.1.13 2026-01-25 · 3mo ago zip
6.1.12 2026-01-25 · 3mo ago zip
6.1.4 2024-10-04 · 1y ago zip
6.1.0 2024-09-22 · 1y ago zip
6.0.14 2024-09-22 · 1y ago zip
6.0.13 2024-09-21 · 1y ago zip
6.0.9 2024-09-21 · 1y ago zip
6.0.8 2024-09-21 · 1y ago zip
6.0.7 2024-09-21 · 1y ago zip
6.0.6 2024-09-21 · 1y ago zip
6.0.5 2024-09-20 · 1y ago zip