13 matches found
CVE-2025-58886 WordPress Instant Locations Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tan Nguyen Instant Locations instant-locations allows Stored XSS. This issue affects Instant Locations: from n/a through <= 1.0...
CVE-2025-58886
CVE-2025-58886 describes a stored XSS in the WordPress plugin Instant Locations (versions up to 1.0). The issue stems from Improper Neutralization of Input During Web Page Generation, enabling stored cross-site scripting. The CVE entry lists this as a WordPress plugin vulnerability with a base C...
CVE-2025-7660
The Map My Locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapmylocations' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-41797
CVE-2023-41797: The WordPress plugin Locations (Gold Plugins Locations), affected in versions <= 4.0, contains a Stored Cross-Site Scripting (XSS) vulnerability. Connected sources confirm the issue affects the Locations plugin with contributor+ (and higher) roles storing scripts that can be ...
WordPress Locations Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Locations; Type: Plugin; Vulnerable versions: <= 4.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41797; Patch priority: Low; CVSS severity: Low 6.5; PSID: 81c369e01ba7; Credits: Rio Darmawan; Required privilege...
CVE-2021-4394
The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to update custom field meta data via ...
CVE-2021-4394
The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to update custom field meta data via ...
Cross site request forgery (CSRF)
The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to update custom field meta data via ...
CVE-2021-4394 Locations <= 3.2.1 - Cross-Site Request Forgery Bypass
The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to update custom field meta data via ...
CVE-2021-4394
The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to update custom field meta data via ...
CVE-2021-4394
CVE-2021-4394 – WordPress Locations plugin: A CSRF flaw in the Locations plugin for WordPress affects versions up to 3.2.1. The root cause is missing or incorrect nonce validation in the saveCustomFields() function, enabling unauthenticated attackers to modify custom field metadata by crafting a...
PT-2023-12506 · WordPress · Locations
Name of the Vulnerable Software and Affected Versions: Locations plugin for WordPress versions up to, and including, 3.2.1. Description: The issue is due to missing or incorrect nonce validation on the saveCustomFields function, making it possible for unauthenticated attackers to update custom fie...
WordPress WP Job Manager Locations Plugin Arbitrary File Upload Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it lets users set up a personal blog site on a server that supports PHP and MySQL. Powerplay Gallery is one of the gallery plug-ins for displaying images. An arbitrary file upload vulnerability exists ...