VYPR

String Locator

by Instawp

CVEs (3)

  • CVE-2022-2434HigSep 6, 2022
    risk 0.58cvss 8.8epss 0.01

    The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick…

  • CVE-2024-10936Jan 21, 2025
    risk 0.00cvss epss 0.01

    The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP…

  • CVE-2023-6987Aug 24, 2024
    risk 0.00cvss epss 0.00

    The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…