CVE-2023-4151
- EPSS 8.82%
- Published 04.09.2023 12:15:10
- Last modified 06.03.2025 16:15:44
The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2023-27618
- EPSS 0.06%
- Published 22.06.2023 09:15:10
- Last modified 21.11.2024 07:53:16
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions.
CVE-2022-4832
- EPSS 0.11%
- Published 23.01.2023 15:15:18
- Last modified 02.04.2025 16:15:29
The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting at...
CVE-2022-41615
- EPSS 0.11%
- Published 18.11.2022 23:15:25
- Last modified 21.11.2024 07:23:30
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.