3 matches found
CVE-2023-4476
The CVE-2023-4476 entry concerns the Locatoraid Store Locator WordPress plugin, affected version prior to 3.9.24. The vulnerability is a Reflected Cross-Site Scripting caused by improper sanitisation/escaping of the lpr-search parameter when it is output back to the page. This could allow an atta...
CVE-2023-2031
CVE-2023-2031 affects Locatoraid Store Locator (WordPress) with Stored XSS in shortcode attributes due to insufficient input sanitization and output escaping. Affected in versions up to 3.9.14; requires contributor-level+ authentication; can inject scripts executed on page load. Mitigation: updat...
CVE-2023-25709
CVE-2023-25709 is a CSRF vulnerability in the WordPress plugin Locatoraid Store Locator (Plainware) <= 3.9.11. The entry shows a high impact according to NVD CVSS: CVSS:3.1 base score 8.8 (HIGH) with network attack vector, user interaction required. Patch information from Patchstack indicates ...