CVE-2021-24290

Summary

There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.

Affected Software

VendorProductVersion RangeStatus
Store Locator Plus®Store Locator Plus for WordPress5.5.15 <= 5.5.15affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References