2 matches found
CVE-2023-41797
CVE-2023-41797 : The WordPress plugin Locations (Gold Plugins Locations) , affected in versions <= 4.0, contains a Stored Cross-Site Scripting (XSS) vulnerability. Connected sources confirm the issue affects the Locations plugin with contributor+ (and higher) roles storing scripts that can be ...
CVE-2021-4394
CVE-2021-4394 – WordPress Locations plugin : A CSRF flaw in the Locations plugin for WordPress affects versions up to 3.2.1. The root cause is missing or incorrect nonce validation in the saveCustomFields() function, enabling unauthenticated attackers to modify custom field metadata by crafting a...