Lucene search
K

4 matches found

CVE
CVE
added 2023/09/25 3:56 p.m.53 views

CVE-2023-4476

The CVE-2023-4476 entry concerns the Locatoraid Store Locator WordPress plugin, affected version prior to 3.9.24. The vulnerability is a Reflected Cross-Site Scripting caused by improper sanitisation/escaping of the lpr-search parameter when it is output back to the page. This could allow an atta...

6.1CVSS6AI score0.0042EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/25 3:56 p.m.7 views

CVE-2023-4476 Locatoraid Store Locator < 3.9.24 - Reflected XSS

The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6AI score0.0042EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/09/25 3:56 p.m.20 views

CVE-2023-4476 Locatoraid Store Locator < 3.9.24 - Reflected XSS

The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.2AI score0.0042EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/09/06 12:0 a.m.13 views

WordPress Locatoraid Store Locator Plugin < 3.9.24 is vulnerable to Cross Site Scripting (XSS)

Software Locatoraid Store Locator Type Plugin Vulnerable versions 3.9.24 Fixed in 3.9.24 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4476 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ce175b515c5f Credits Dao Xuan...

6.1CVSS5.9AI score0.0042EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder