CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56283 – WordPress Locatoraid Store Locator Plugin <= 3.9.50 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-56283
03 Jan 2025 — Deserialization of Untrusted Data vulnerability in plainware.com Locatoraid Store Locator allows Object Injection.This issue affects Locatoraid Store Locator: from n/a through 3.9.50. La vulnerabilidad de deserialización de datos no confiables en plainware.com Locatoraid Store Locator permite la inyección de objetos. Este problema afecta a Locatoraid Store Locator: desde n/a hasta 3.9.50. The Locatoraid Store Locator plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including... • https://patchstack.com/database/wordpress/plugin/locatoraid/vulnerability/wordpress-locatoraid-store-locator-plugin-3-9-50-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30181 – WordPress Locatoraid Store Locator plugin <= 3.9.30 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30181
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.30. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Plainware Locatoraid Store Locator permite XSS almacenado. Este problema afecta a Locatoraid Store Locator: desde n/a hasta 3.9.30. The Locatoraid Store Locator ... • https://patchstack.com/database/vulnerability/locatoraid/wordpress-locatoraid-store-locator-plugin-3-9-30-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •