3 matches found
CVE-2026-9060
CVE-2026-9060 concerns the Store Locator WordPress plugin (before 1.6.6). The vulnerability arises because a setting is not sanitized/escaped before storing and outputting it on the admin page, enabling Stored XSS by high-privilege users (e.g., administrators) even when unfiltered_html is disallo...
CVE-2024-5349
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'mapstyle' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
CVE-2019-16523
The events-manager plugin through 5.9.5 for WordPress aka Events Manager is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute mapstyle of shortcodes locationsmap and eventsmap provided by the plugin...