CVSS: 6.4EPSS: 21%CPEs: 1EXPL: 1CVE-2023-4284 – Post Timeline < 2.2.6 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-4284
10 Aug 2023 — The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin El plugin de WordPress Post Timeline anterior a la versión 2.2.6 no sanea y escapa de un nonce inválido antes de devolverlo en una respuesta AJAX, lo que lleva a un Reflected Cross-Site Scripting que podría ser utilizado contra usuarios con privilegios elevados co... • https://wpscan.com/vulnerability/1c126869-0afa-456f-94cc-10334964e5f9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 17%CPEs: 1EXPL: 1CVE-2023-4151 – Store Locator WordPress < 1.4.13 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-4151
10 Aug 2023 — The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin El plugin Store Locator para WordPress anterior a la versión 1.4.13 no sanitiza ni escapa un nonce inválido antes de devolverlo en una respuesta AJAX, lo que da lugar a un Cross-Site Scripting (XSS) reflejado que podría utilizarse contra usuarios con privilegios ... • https://wpscan.com/vulnerability/c9d80aa4-a26d-4b3f-b7bf-9d2fb0560d7b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27618 – WordPress Store Locator WordPress Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-27618
20 Mar 2023 — Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions. The Store Locator WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting 'category_name', 'description', 'description_2' and other form parameters in versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with editor-level access, and above, to inject arbitrary web scri... • https://patchstack.com/database/vulnerability/agile-store-locator/wordpress-store-locator-wordpress-plugin-1-4-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4832 – Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode
https://notcve.org/view.php?id=CVE-2022-4832
24 Dec 2022 — The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. El complemento Store Locator de WordPress anterior a 1.4.9 no valida ni escapa algunos de sus atributos de código corto antes de devolverlos a la página, lo que podría permitir a los usuarios... • https://wpscan.com/vulnerability/735a33e1-63fb-4f17-812c-3e68709b5c2c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41615 – WordPress Store Locator plugin <= 1.4.5 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-41615
28 Sep 2022 — Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. Cross-Site Scripting (XSS) a través de la vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Store Locator en versiones <= 1.4.5 en WordPress. The Store Locator WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.5. This is due to missing or incorrect nonce validation on the handle_request function. Th... • https://patchstack.com/database/vulnerability/agile-store-locator/wordpress-store-locator-plugin-1-4-5-cross-site-scripting-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •