The plugin does not properly sanitize input and escape output in its shortcode(s), leading to stored cross-site scripting vulnerabilities for authenticated users with contributor-level permissions or higher.
CPE | Name | Operator | Version |
---|---|---|---|
locatoraid | lt | 3.9.15 |