locator vulnerabilities and exploits
8.8
CVSSv3
CVE-2022-2434
The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they ...
Instawp String Locator
6.1
CVSSv3
CVE-2023-4151
The Store Locator WordPress plugin prior to 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Agilelogix Store Locator
5.4
CVSSv3
CVE-2022-4832
The Store Locator WordPress plugin prior to 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used ag...
Agilelogix Store Locator
6.1
CVSSv3
CVE-2022-41615
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.
Agilelogix Store Locator
5.4
CVSSv3
CVE-2023-32576
Auth. (subscriber+) Stored Cross-Site Scripting vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions.
Plainwaire Locatoraid Store Locator
NA
CVE-2008-0819
Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Plutostatus Plutostatus Locator 1.0pre Alpha
1 EDB exploit
8.8
CVSSv3
CVE-2021-24289
There is functionality in the Store Locator Plus for WordPress plugin up to and including 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
De-baat Store Locator Plus
6.1
CVSSv3
CVE-2021-24290
There are several endpoints in the Store Locator Plus for WordPress plugin up to and including 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
De-baat Store Locator Plus
5.4
CVSSv3
CVE-2023-0152
The WP Multi Store Locator WordPress plugin up to and including 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
Wpexperts Wp Multi Store Locator
6.1
CVSSv3
CVE-2024-22282
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Torbert SimpleMap Store Locator allows Reflected XSS. This issue affects SimpleMap Store Locator: from n/a up to and including 2.6.1.
Simplemap-plugin Simplemap Store Locator