Vulnerability Details CVE-2021-24290
There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 85.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719
- https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin
- https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719
- https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin
Products affected by CVE-2021-24290
-
cpe:2.3:a:de-baat:store_locator_plus:*