2 matches found
CVE-2024-9652
The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2023-29283 · WordPress · Locatoraid Store Locator
Name of the Vulnerable Software and Affected Versions: Locatoraid Store Locator WordPress plugin versions prior to 3.9.24
Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the lpr-search parameter is not properly sanitised and escaped before being...