VYPR

Store Locator Plus

by WordPress

CVEs (3)

  • CVE-2021-24289HigMay 17, 2021
    risk 0.57cvss 8.8epss 0.01

    There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.

  • CVE-2021-24290MedMay 17, 2021
    risk 0.40cvss 6.1epss 0.01

    There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.

  • CVE-2024-43258MedAug 26, 2024
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.This issue affects Store Locator Plus: from n/a through 2311.17.01.