Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
locator vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4151
The Store Locator WordPress plugin prior to 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Agilelogix Store Locator
NA
CVE-2022-4832
The Store Locator WordPress plugin prior to 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used ag...
Agilelogix Store Locator
NA
CVE-2022-41615
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.
Agilelogix Store Locator
NA
CVE-2023-27618
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions.
Agilelogix Store Locator
NA
CVE-2023-32576
Auth. (subscriber+) Stored Cross-Site Scripting') vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions.
Plainwaire Locatoraid Store Locator
4.6
CVSSv2
CVE-2021-42563
There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions before 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
Ni Ni Service Locator
NA
CVE-2024-22282
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Torbert SimpleMap Store Locator allows Reflected XSS.This issue affects SimpleMap Store Locator: from n/a up to and including 2.6.1.
Simplemap-plugin Simplemap Store Locator
NA
CVE-2023-0152
The WP Multi Store Locator WordPress plugin up to and including 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
Wpexperts Wp Multi Store Locator
3.6
CVSSv2
CVE-2008-0819
Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Plutostatus Plutostatus Locator 1.0pre Alpha
1 EDB exploit
6.5
CVSSv2
CVE-2021-24289
There is functionality in the Store Locator Plus for WordPress plugin up to and including 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
De-baat Store Locator Plus
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »