CVE-2024-12475

Medium CVSS: 6.4

The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor

Wpexperts

Product

Wp Multi Store Locator

CWE

CWE-79

Yayın Tarihi

2025-01-04 12:15:24

Güncelleme

2025-02-25 22:46:02

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-79 Wp Multi Store Locator MEDIUM Wpexperts 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3207533/ https://wordpress.org/plugins/wp-multi-store-locator/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/089406e7-4f6a-416b-9077-e17c44069300?source=cve

Benzer Kayıtlar

Medium

CVE-2024-13844

The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up…

Medium

CVE-2024-13713

The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all vers…

High

CVE-2025-0521

The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in al…

Medium

CVE-2025-24680

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPExperts.io WP Multistor…

High

CVE-2025-22800

Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Co…