CVE-2021-24290

State: PUBLISHED · Published: 2021-05-17 · Updated: 2024-08-03 · Assigner: WPScan

Description

There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.

CWE

CWE-79 — CWE-79 Cross-site Scripting (XSS)

Affected

Store Locator Plus® / Store Locator Plus for WordPress — v=5.5.15 ≤5.5.15 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719 x_refsource_CONFIRM
https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin x_refsource_MISC

Source

cvelistV5-main/cves/2021/24xxx/CVE-2021-24290.json