Unrated severityNVD Advisory· Published May 17, 2021· Updated Aug 3, 2024

Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)

CVE-2021-24290

Description

There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.

Affected products

Store Locator Plus®/Store Locator Plus For Wordpressv5
Range: 5.5.15

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719mitrex_refsource_CONFIRM
www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-pluginmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000