Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
locator vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4151
The Store Locator WordPress plugin prior to 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Agilelogix Store Locator
NA
CVE-2022-41615
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.
Agilelogix Store Locator
NA
CVE-2023-27618
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions.
Agilelogix Store Locator
NA
CVE-2022-4832
The Store Locator WordPress plugin prior to 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used ag...
Agilelogix Store Locator
NA
CVE-2023-32576
Auth. (subscriber+) Stored Cross-Site Scripting') vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions.
Plainwaire Locatoraid Store Locator
3.6
CVSSv2
CVE-2008-0819
Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Plutostatus Plutostatus Locator 1.0pre Alpha
1 EDB exploit
NA
CVE-2023-0152
The WP Multi Store Locator WordPress plugin up to and including 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
Wpexperts Wp Multi Store Locator
6.5
CVSSv2
CVE-2021-24289
There is functionality in the Store Locator Plus for WordPress plugin up to and including 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
De-baat Store Locator Plus
4.3
CVSSv2
CVE-2021-24290
There are several endpoints in the Store Locator Plus for WordPress plugin up to and including 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
De-baat Store Locator Plus
NA
CVE-2024-22282
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Torbert SimpleMap Store Locator allows Reflected XSS.This issue affects SimpleMap Store Locator: from n/a up to and including 2.6.1.
Simplemap-plugin Simplemap Store Locator
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »