CVE-2021-24290
N/A
N/A
Summary
There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Store Locator Plus® | Store Locator Plus for WordPress | 5.5.15 <= 5.5.15 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719
- https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin
References
- https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719
- https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.