Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Store_locator
(Agilelogix)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 4 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-01-23 | CVE-2022-4832 | The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | Store_locator | 5.4 | ||
2023-09-04 | CVE-2023-4151 | The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | Store_locator | 6.1 | ||
2023-06-22 | CVE-2023-27618 | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions. | Store_locator | 4.8 | ||
2022-11-18 | CVE-2022-41615 | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. | Store_locator | 6.1 |