CVE-2025-24680

Medium CVSS: 6.1

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Reflected XSS.This issue affects WP Multistore Locator: from n/a through <= 2.4.7.

Vendor

Wpexperts

Product

Wp Multi Store Locator

CWE

CWE-80

Yayın Tarihi

2025-01-27 15:15:15

Güncelleme

2026-04-01 17:18:03

Source Identifier

audit@patchstack.com

KEV Date Added

Kategoriler

CWE-80 Wp Multi Store Locator MEDIUM Wpexperts 2025

Referanslar

https://patchstack.com/database/Wordpress/Plugin/wp-multi-store-locator/vulnerability/wordpress-wp-multi-store-locator-plugin-2-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve

Benzer Kayıtlar

Medium

CVE-2024-13844

The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up…

Medium

CVE-2024-13713

The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all vers…

High

CVE-2025-0521

The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in al…

High

CVE-2025-22800

Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Co…

Medium

CVE-2024-12475

The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and…