CVE-2025-26974
- EPSS 0.07%
- Published 25.02.2025 15:15:30
- Last modified 25.02.2025 15:15:30
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multi Store Locator allows Blind SQL Injection. This issue affects WP Multi Store Locator: from n/a through 2.5.1.
CVE-2025-24680
- EPSS 0.05%
- Published 27.01.2025 15:15:15
- Last modified 25.02.2025 20:02:21
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WpMultiStoreLocator WP Multi Store Locator allows Reflected XSS. This issue affects WP Multi Store Locator: from n/a through 2.4.7.
CVE-2024-12475
- EPSS 0.05%
- Published 04.01.2025 12:15:24
- Last modified 25.02.2025 22:46:02
The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w...
CVE-2023-0152
- EPSS 0.12%
- Published 05.06.2023 14:15:09
- Last modified 08.01.2025 17:15:10
The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above...