cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9652,https://securityvulnerability.io/vulnerability/CVE-2024-9652,Uncovered Reflected Cross-Site Scripting Vulnerability in Store Locator Plugin,"The Locatoraid Store Locator plugin for WordPress exposes a serious security flaw through reflected cross-site scripting, allowing attackers to exploit insufficient sanitization of user input. This vulnerability affects all versions of the plugin up to and including 3.9.47, enabling unauthenticated users to inject malicious scripts that can execute in the context of a victim's browser. An attacker can leverage this by tricking users into clicking specially crafted links, potentially leading to unauthorized actions and data theft. It is crucial for website administrators using this plugin to implement necessary security measures and ensure their installations are updated to mitigate risk.",Wordpress,Locatoraid Store Locator,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-10-16T02:05:06.634Z,0
CVE-2023-4476,https://securityvulnerability.io/vulnerability/CVE-2023-4476,Locatoraid Store Locator < 3.9.24 - Reflected XSS,"The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",Wordpress,Locatoraid Store Locator,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-09-25T16:15:00.000Z,0
CVE-2023-2031,https://securityvulnerability.io/vulnerability/CVE-2023-2031,Stored Cross-Site Scripting in Locatoraid Store Locator Plugin for WordPress,"The Locatoraid Store Locator plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability due to inadequate input validation and output escaping of user-supplied attributes in plugin shortcodes. Authenticated attackers with contributor-level permissions can exploit this flaw to inject malicious scripts into web pages, which execute when users access the affected pages. This poses a significant risk of exposing users to harmful scripts, highlighting the importance of keeping the plugin updated and implementing proper security measures.",Wordpress,Locatoraid Store Locator,5.4,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2023-06-09T06:16:00.000Z,0