4 matches found
CVE-2026-9060 Agile Store Locator < 1.6.6 - Admin+ Stored XSS via map_style
The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...
CVE-2026-9060 Agile Store Locator < 1.6.6 - Admin+ Stored XSS via map_style
The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...
PT-2024-35760 · WordPress · La-Studio Element Kit For Elementor
Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor plugin for WordPress versions up to, and including, 1.3.8.1 Description: The issue allows authenticated attackers with Contributor-level access and above to include and execute arbitrary files on the server...
PT-2019-14685 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: Events Manager plugin versions through 5.9.5 Description: The issue arises from improper encoding and insertion of data provided to the map style attribute of shortcodes, specifically locations map and events map, leading to Stored XSS...