Lucene search
K

71 matches found

Prion
Prion
added 2023/09/25 4:15 p.m.16 views

Cross site scripting

The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.8CVSS6AI score0.0042EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/09/25 3:56 p.m.53 views

CVE-2023-4476

The CVE-2023-4476 entry concerns the Locatoraid Store Locator WordPress plugin, affected version prior to 3.9.24. The vulnerability is a Reflected Cross-Site Scripting caused by improper sanitisation/escaping of the lpr-search parameter when it is output back to the page. This could allow an atta...

6.1CVSS6AI score0.0042EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/25 3:56 p.m.7 views

CVE-2023-4476 Locatoraid Store Locator < 3.9.24 - Reflected XSS

The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6AI score0.0042EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/09/25 3:56 p.m.20 views

CVE-2023-4476 Locatoraid Store Locator < 3.9.24 - Reflected XSS

The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.2AI score0.0042EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/09/25 12:0 a.m.5 views

PT-2023-29283 · WordPress · Locatoraid Store Locator

Name of the Vulnerable Software and Affected Versions: Locatoraid Store Locator WordPress plugin versions prior to 3.9.24 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the lpr-search parameter is not properly sanitised and escaped before being...

6.1CVSS6AI score0.0042EPSS
Exploits2References4
Patchstack
Patchstack
added 2023/09/06 12:0 a.m.13 views

WordPress Locatoraid Store Locator Plugin < 3.9.24 is vulnerable to Cross Site Scripting (XSS)

Software Locatoraid Store Locator Type Plugin Vulnerable versions 3.9.24 Fixed in 3.9.24 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4476 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ce175b515c5f Credits Dao Xuan...

6.1CVSS5.9AI score0.0042EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2023/08/30 12:0 a.m.139 views

Locatoraid Store Locator < 3.9.24 - Reflected XSS

Description The plugin does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Setup as admin: - Locatoraid Configuration Google Maps Enter "none" at...

6.1CVSS6.1AI score0.0042EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/08/30 12:0 a.m.13 views

Locatoraid Store Locator < 3.9.24 - Reflected XSS

Description The plugin does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC Setup as admin: - Locatoraid Configuration Google Maps Enter "none" a...

6.1CVSS6.1AI score0.0042EPSS
Exploits2Affected Software1
NVD
NVD
added 2023/08/25 9:15 a.m.25 views

CVE-2023-32576

Auth. subscriber+ Stored Cross-Site Scripting' vulnerability in Plainware Locatoraid Store Locator plugin = 3.9.18 versions...

6.5CVSS6.3AI score0.00358EPSS
Exploits0References1
Prion
Prion
added 2023/08/25 9:15 a.m.14 views

Cross site scripting

Auth. subscriber+ Stored Cross-Site Scripting' vulnerability in Plainware Locatoraid Store Locator plugin = 3.9.18 versions...

4.9CVSS5.4AI score0.00358EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/08/25 8:38 a.m.44 views

CVE-2023-32576

CVE-2023-32576 affects the WordPress plugin Locatoraid Store Locator (Locatoraid) up to version 3.9.18. The issue is a Stored Cross-Site Scripting (XSS) vulnerability that requires Subscriber privileges to exploit. PatchStack confirms the fix was released in version 3.9.19. Public references also...

6.5CVSS5.8AI score0.00358EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/25 8:38 a.m.24 views

CVE-2023-32576 WordPress Locatoraid Store Locator Plugin <= 3.9.18 is vulnerable to Cross Site Scripting (XSS)

Auth. subscriber+ Stored Cross-Site Scripting' vulnerability in Plainware Locatoraid Store Locator plugin = 3.9.18 versions...

6.5CVSS6.5AI score0.00358EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/25 8:38 a.m.12 views

CVE-2023-32576 WordPress Locatoraid Store Locator Plugin <= 3.9.18 is vulnerable to Cross Site Scripting (XSS)

Auth. subscriber+ Stored Cross-Site Scripting' vulnerability in Plainware Locatoraid Store Locator plugin = 3.9.18 versions...

6.5CVSS6.6AI score0.00358EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/08/25 12:0 a.m.4 views

WordPress plugin Locatoraid Store Locator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.6AI score0.00358EPSS
Exploits0References2
OSV
OSV
added 2023/06/09 6:16 a.m.9 views

CVE-2023-2031

The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS6AI score0.00488EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:16 a.m.3 views

CVE-2023-2031

The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS7AI score0.00488EPSS
Exploits0References4
Prion
Prion
added 2023/06/09 6:16 a.m.17 views

Cross site scripting

The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

4.9CVSS5AI score0.00488EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.18 views

CVE-2023-2031 Locatoraid Store Locator <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS6.8AI score0.00488EPSS
Exploits0References3
CVE
CVE
added 2023/06/09 5:33 a.m.48 views

CVE-2023-2031

CVE-2023-2031 affects Locatoraid Store Locator (WordPress) with Stored XSS in shortcode attributes due to insufficient input sanitization and output escaping. Affected in versions up to 3.9.14; requires contributor-level+ authentication; can inject scripts executed on page load. Mitigation: updat...

5.4CVSS5AI score0.00488EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.5 views

WordPress Plugin Locatoraid Store Locator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.4CVSS6.8AI score0.00488EPSS
Exploits0References4
Rows per page
Query Builder