VYPR

Wp Multi Store Locator

by WordPress

Source repositories

CVEs (6)

  • CVE-2025-28898CriMar 26, 2025
    risk 0.60cvss 9.3epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows SQL Injection.This issue affects WP Multistore Locator: from n/a through <= 2.5.2.

  • CVE-2025-26974CriFeb 25, 2025
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Blind SQL Injection.This issue affects WP Multistore Locator: from n/a through <= 2.5.1.

  • CVE-2025-24680HigJan 27, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Reflected XSS.This issue affects WP Multistore Locator: from n/a through <= 2.4.7.

  • CVE-2024-12475MedJan 4, 2025
    risk 0.35cvss 6.4epss 0.00

    The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access…

  • CVE-2023-0152MedJun 5, 2023
    risk 0.35cvss 5.4epss 0.00

    The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site…

  • CVE-2025-31888MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Cross Site Request Forgery.This issue affects WP Multistore Locator: from n/a through <= 2.5.2.